iframe refuses to display

Question

I am trying to load a simple iframe into one of my web pages but it is not displaying   I am getting this error in Chrome   Refused to display  https   cw na1 hgncloud com crossmatch index do  in a frame because an ancestor violates the following Content Security Policy directive   frame-ancestors  self  https   cw na1 hgncloud com     Invalid  X-Frame-Options  header encountered when loading  https   cw na1 hgncloud com crossmatch index do    ALLOW-FROM https   cw na1 hgncloud com  is not a recognized directive  The header will be ignored    This is the code for my iframe    lt p gt  lt iframe src  https   cw na1 hgncloud com crossmatch   width  680  height  500  frameborder  0  gt  lt  iframe gt  lt  p gt    I am not really sure what that means  I have loaded plenty iframes before and never received such errors   Any ideas   Thanks

User · Answer

For any of you calling back to the same server for your IFRAME, pass this simple header inside the IFRAME page:

Content-Security-Policy: frame-ancestors 'self'

Or, add this to your web server's CSP configuration.

User · Answer

The reason for the error is that the host server for https   cw na1 hgncloud com has provided some HTTP headers to protect the document  One of which is that the frame ancestors must be from the same domain as the original content  It seems you are attempting to put the iframe at a domain location that is not the same as the content of the iframe - thus violating the Content Security Policy that the host has set   Check out this link on Content Security Policy for more details

User · Answer

It means that the http server at cw na1 hgncloud com send some http headers to tell web browsers like Chrome to allow iframe loading of that page  https   cw na1 hgncloud com crossmatch   only from a page hosted on the same domain  cw na1 hgncloud com     Content-Security-Policy  frame-ancestors  self  https   cw na1 hgncloud com X-Frame-Options  ALLOW-FROM https   cw na1 hgncloud com   You should read that     https   developer mozilla org en-US docs Web Security CSP https   developer mozilla org en-US docs Web Security Same-origin policy

[html] iframe refuses to display

Examples related to html

Examples related to iframe