Loading Iframe Facebook (Load denied by X-Frame-Options)

Asked 16/2, 2013 at 21:10 Answered 22/5, 2022 at 12:30

My team is in charge of some difficulties with an app on Facebook. We believe this occurred some error in loading the iframe. We discovered this error through Firebug:

Load denied by X-Frame-Options: https://www.facebook.com/dialog/oauth?client_id=140656472747871&redirect_uri=https%3A%2F%2Fnuvemapps.com.br%2Fci%2Fncupons%2Fhome%2F%3Ffb_source%3Dsearch%26ref%3Dts%26fref%3Dts&state=32e667a3645c047d751d20811d49ef6b&req_perms=email%2C+publish_steram%2C+manage_pages does not permit framing.

This happens mainly with people who have not allowed the app, so we do not know specifically where this problem is starting. We still have three possible causes left:

Server Configuration
Problem with our coding
Or in our setup facebook app dev

Can anyone help in identifying this error?

Here is the link to the app: https://apps.facebook.com/cupomigo

Pitre answered 16/2, 2013 at 21:10 Comment(2)

Isn't this a security thing? If you could load facebook login into an iframe then you could do click jacking. – Alcantara 22/2, 2015 at 22:12

If you're in control of the server this is running on, check what security middleware you might be using. For example, I'm running a node server and I had to disable xssFilter middleware and frameguard middleware. Now this error is gone. – Insuperable 16/10, 2017 at 21:4

I used target="_top" for the link, and it is now working perfectly.

Stoplight answered 23/6, 2013 at 13:10 Comment(6)

In Page Tab App case, it won't work, as it will navigate away from Page Tab – Empoison 2/10, 2013 at 4:33

If you're inside of a Canvas based app, this will also break out of the iFrame and take the user to the self-hosted application. Not desirable. – Brusquerie 25/2, 2014 at 16:2

where did I use target="_top" ?? – Fabien 9/3, 2015 at 21:27

They're trying to login from within an iframe. They have an anchor tag <a href="facebook.com/dialog/oauth?client_id=....etc" target="_top">LOGIN TO FACEBOOK</a>. This will go to the iframes parent window (and its parent window if there is on, etc) and take the whole window to that url. If you are trying to use an iframe for logging your main window into facebook this won't help. – Populate 5/10, 2015 at 18:56

Thank you @Altaf, that helped :) – Hemato 1/2, 2017 at 16:42

really you saved me! – Neaten 17/3, 2017 at 7:2

Use this line given below instead of header() function.

echo "<script>window.top.location = 'https://apps.facebook.com/yourappnamespace/';</script>";

Knap answered 7/10, 2013 at 10:38 Comment(0)

Just add

https://www.facebook.com/plugins/video.php?href=""

Before your link:

https://www.facebook.com/plugins/video.php?href="https://yourlink.com"

Scorpion answered 4/12, 2021 at 22:17 Comment(0)

In my case I had the same error, but for the comment plugin, I don't know if it helps but I solved it by inserting the moderation or administration meta-tag

<meta property="fb:app_id" content="&#123;YOUR_APP_ID&#125;" />

Anyway, if the user is not logged into Facebook you will still have the same problem. I hope I have been helpful, good work.

Periderm answered 22/5, 2022 at 12:30 Comment(0)

Recommended topics

Hot tags