Django nginx Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

I have deployed a Django web application on a server with nginx and uwsgi. I can access the site perfectly using the IP address.

I purchased a domain name, say abc.example.com, and pointed it to my IP address. Now when I go to the domain name it loads a blank page and throws an error in the browser console:

In Chrome:

Refused to display 'ip address' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

In Mozilla:

Load denied by X-Frame-Options: 'ip address' does not permit cross-origin framing.

The point is I don't have any iframe in my whole application.

What is this error and how can I solve it?

When I go to the application using the IP address it works perfectly, as it is supposed to. Then what is the problem with the domain? I double-checked the settings in the DNS zone on GoDaddy but couldn't figure out anything.

Ununa answered 8/6, 2016 at 6:33 Comment(4)
Django settings.py has X_FRAME_OPTIONS parameter. Try changing its value to DENY, according to docs.djangoproject.com/ja/1.9/ref/clickjacking/… . If this does not help, try to disable the middleware to see what happens. - Existence
The error indicates that there is an iframe there. What is the result when you select "show source" in the web browser? - Spinnaker
@KidBinary disabling the middleware worked. - Ununa
@ManishGupta: I see... This middleware for some reason thinks that you are trying to load your website from a different origin. That clearly points to the problem being with the GoDaddy configuration. Maybe it's #22515998? - Existence

In the 'settings.py' file, add these two lines. It may help you.

X_FRAME_OPTIONS = 'SAMEORIGIN'

XS_SHARING_ALLOWED_METHODS = ['POST','GET','OPTIONS', 'PUT', 'DELETE']
Castiglione answered 26/7, 2017 at 12:55 Comment(6)
Is allowall secure? Can I allow just a specific domain? Thanks. - Firdausi
Perfect answer. I was looking for a perfect solution for this error, and you have given the exact answer which I actually expected. Thank you. - Il
This is exactly what I was looking for. Thanks <3 - Glister
X_FRAME_OPTIONS = 'SAMEORIGIN' works and is safer. - Polymeric
This works for me. Thank you. - Monazite
This solution has served me perfectly. Thanks. - Nidianidicolous
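
A comment above asks whether framing can be limited to one specific domain. As an added example (not part of the original answers), this stdlib-only Python sketch approximates the browser's single-level framing decision and builds a `Content-Security-Policy: frame-ancestors` allow-list. The address 203.0.113.10 is a constructed stand-in, the function names are hypothetical, and it assumes the page served for the domain frames the IP-address site, as the error messages indicate.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) tuple that browsers compare for same-origin checks."""
    p = urlsplit(url)
    default = {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), p.port or default)

def framing_headers(allowed_parents):
    """Header permitting framing only by the site itself and the listed origins."""
    sources = ["'self'"] + sorted(allowed_parents)
    return {"Content-Security-Policy": "frame-ancestors " + " ".join(sources)}

def may_frame(parent_url, framed_url, headers):
    """Simplified browser decision: one level of nesting, no wildcard sources."""
    for directive in headers.get("Content-Security-Policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # When present, frame-ancestors is enforced instead of X-Frame-Options.
            for src in parts[1:]:
                if src == "'self'" and origin(parent_url) == origin(framed_url):
                    return True
                if origin(src) == origin(parent_url):
                    return True
            return False
    xfo = headers.get("X-Frame-Options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return origin(parent_url) == origin(framed_url)
    # Missing or unrecognised values (such as ALLOWALL) restrict nothing.
    return True

if __name__ == "__main__":
    domain = "http://abc.example.com/"   # domain from the question
    site = "http://203.0.113.10/"        # constructed IP address
    # The question's situation: the domain's page frames the IP-address site.
    print(may_frame(domain, site, {"X-Frame-Options": "SAMEORIGIN"}))
    # Allow-list only the domain's origin; any other parent is still refused.
    policy = framing_headers({"http://abc.example.com"})
    print(policy)
    print(may_frame(domain, site, policy))
    print(may_frame("http://other.example/", site, policy))
```

The last case in `may_frame` is why an unrecognised value such as ALLOWALL makes the error disappear: the browser ignores the header, so every origin can frame the site.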
