Skip to main content
S
shaffere1-Visitor
1-Visitor
February 24, 2020
Solved

Webframe X-Frame-Options "SAMEORIGIN" Error

  • February 24, 2020
  • 2 replies
  • 7353 views

There are a few things mentioned on this site about this "SAMEORIGIN" error along with suggested fixes.  But the easiest fix I have found is when entering the URL, add the following parameter ("?rs:embed=true") (without parens and quotes, of course).  You should then be able to open URLs within the Webframe widget.  Your URL should then read something like https://my.domain.com/myreport?rs:embed-true&otherparams=asneeded.

 

I ran across this when attempting to pull down a report from SSRS into ThingWorx.  The on-screen error was not helpful at all (On-screen rror message:  <URL> refused to connect).  But when I opened Developer Tools, I saw the full error (“Refused to display <  URL > in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’ ”).  Adding the above parameter allowed the report to open very easily, and then you can then print a full paginated report from within ThingWorx from SSRS.

 

E. Shaffer

Best answer by KK_10466038

You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

 

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

 

It works well.

 

Try to apply the same rule on your case.

 

SAMEORIGIN

 

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.

 

2 replies

S
slangleyCommunity Manager
Community Manager
April 3, 2020

Hi @shaffere.

 

Thank you for sharing this information.  We appreciate your participation on the community!

 

Regards.

 

--Sharon

K
KK_104660381-VisitorAnswer
1-Visitor
October 24, 2022

You cannot display a lot of websites inside an iFrame. Reason being that they send an "X-Frame-Options: SAMEORIGIN" response header. This option prevents the browser from displaying iFrames that are not hosted on the same domain as the parent page.

 

I faced the same error when displaying YouTube links. For example: https://www.youtube.com/watch?v=8WkuChVeL0s

I replaced watch?v= with embed/ so the valid link will be: https://www.youtube.com/embed/8WkuChVeL0s

 

It works well.

 

Try to apply the same rule on your case.

 

SAMEORIGIN

 

The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.

 

    Terms & ConditionsCookie settingsAccessibility statement