cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Stay updated on what is happening on the PTC Community by subscribing to PTC Community Announcements. X

Webframe X-Frame-Options "SAMEORIGIN" Error

shaffere
4-Participant

Webframe X-Frame-Options "SAMEORIGIN" Error

There are a few things mentioned on this site about this "SAMEORIGIN" error along with suggested fixes.  But the easiest fix I have found is when entering the URL, add the following parameter ("?rs:embed=true") (without parens and quotes, of course).  You should then be able to open URLs within the Webframe widget.  Your URL should then read something like https://my.domain.com/myreport?rs:embed-true&otherparams=asneeded.

 

I ran across this when attempting to pull down a report from SSRS into ThingWorx.  The on-screen error was not helpful at all (On-screen rror message:  <URL> refused to connect).  But when I opened Developer Tools, I saw the full error (“Refused to display <  URL > in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’ ”).  Adding the above parameter allowed the report to open very easily, and then you can then print a full paginated report from within ThingWorx from SSRS.

 

E. Shaffer

1 ACCEPTED SOLUTION

Accepted Solutions

You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

 

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

 

It works well.

 

Try to apply the same rule on your case.

 

SAMEORIGIN

 

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.

 

View solution in original post

2 REPLIES 2
slangley
23-Emerald II
(To:shaffere)

Hi @shaffere.

 

Thank you for sharing this information.  We appreciate your participation on the community!

 

Regards.

 

--Sharon

You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

 

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

 

It works well.

 

Try to apply the same rule on your case.

 

SAMEORIGIN

 

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.

 

Top Tags