Iframe Refuses to Display

iframe refuses to display

It means that the HTTP server at cw.na1.hgncloud.com sends some HTTP headers to tell web browsers like Chrome to allow iframe loading of that page (https://cw.na1.hgncloud.com/crossmatch/) only from a page hosted on the same domain (cw.na1.hgncloud.com):

Content-Security-Policy: frame-ancestors 'self' https://cw.na1.hgncloud.com
X-Frame-Options: ALLOW-FROM https://cw.na1.hgncloud.com

You should read these:

  • https://developer.mozilla.org/en-US/docs/Web/Security/CSP
  • https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'

O.K. after spending more time on this with the help of this SO post

Overcoming "Display forbidden by X-Frame-Options"

I managed to solve the issue by adding &output=embed to the end of the URL before posting to the Google URL:

var url = data.url + "&output=embed";
window.location.replace(url);

How to fix Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'

Please use a sanitizer with a safe pipe and then include the link as below:

<iframe class="doc" src="https://docs.google.com/gview?url=https://subtreebucket.s3.amazonaws.com/docsFile_1559124133664_dummy.pdf&embedded=true"></iframe>

Make sure you are using embedded=true while adding the source in the iframe. It'll definitely work.

Iframe (Site Name) Refused to Connect. Error

It's not your code as sites can block themselves from being framed.

This is because of a certain header set (X-Frame-Options), as per the Mozilla docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
</head>
<body>
<iframe src="https://www.google.com/" frameborder="0"></iframe>
</body>
</html>

Refused to display 'http://..' in a frame because it set 'X-Frame-Options' to 'sameorigin' when trying to connect to SAML IDP via iframe

The above issue is solved. Here is what was done to solve this issue.
I am connecting to a SAML IDP server from my SAML SP, but getting an error when loading content in an iframe.

To solve this iframe issue:
The SAML IDP server is allowing our application hostname to load the page inside an iframe. As they are using PingFederate SAML, they followed the steps mentioned in the URL below:
https://support.pingidentity.com/s/article/Unable-to-Display-content-in-a-frame

Basically they updated their header section with a Content Security Policy to allow display of the page in an iframe.

Thank you.

Overcoming Display forbidden by X-Frame-Options

I had a similar issue, where I was trying to display content from our own site in an iframe (as a lightbox-style dialog with Colorbox), and where we had a server-wide "X-Frame-Options SAMEORIGIN" header on the source server preventing it from loading on our test server.

This doesn't seem to be documented anywhere, but if you can edit the pages you're trying to iframe (e.g., they're your own pages), simply sending another X-Frame-Options header with any string at all disables the SAMEORIGIN or DENY commands.

E.g. for PHP, putting

<?php
header('X-Frame-Options: GOFORIT');
?>

at the top of your page will make browsers combine the two, which results in a header of

X-Frame-Options SAMEORIGIN, GOFORIT

...and allows you to load the page in an iframe. This seems to work when the initial SAMEORIGIN command was set at a server level, and you'd like to override it on a page-by-page case.

All the best!
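
An added example (not code from any of the posts above): a simplified model of how a browser following the current HTML Standard and CSP decides whether a response may be framed, run over the `frame-ancestors` and `X-Frame-Options` values quoted on this page, including a multi-valued `X-Frame-Options`. The function names and the `https://other.example` origin are assumptions made for illustration; only `'none'`, `'self'` and full-origin sources are modelled, and older browsers may decide differently.

```javascript
// Added example: simplified model of a browser's framing decision.
// headers: lowercase header names; repeated headers already joined with ", ".
// ancestors: origin of every document above the frame, outermost included.

function sourceMatches(source, ancestor, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return ancestor === self;
  // Assumption: any other source is a full origin; wildcards are not modelled.
  try { return new URL(s).origin === ancestor; } catch { return false; }
}

function framingAllowed(headers, pageUrl, ancestors) {
  const self = new URL(pageUrl).origin;

  // 1. If any policy carries frame-ancestors, CSP decides and X-Frame-Options is ignored.
  const verdicts = [];
  for (const policy of (headers["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== "frame-ancestors") continue;
      verdicts.push(ancestors.every((a) => sources.some((s) => sourceMatches(s, a, self))));
      break; // only the first frame-ancestors in a policy counts
    }
  }
  if (verdicts.length > 0) return verdicts.every(Boolean);

  // 2. Otherwise fall back to X-Frame-Options, treated as a set of lowercase values.
  const xfo = new Set((headers["x-frame-options"] || "").split(",")
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  const recognised = ["deny", "allowall", "sameorigin"];
  if (xfo.size > 1) return !recognised.some((v) => xfo.has(v)); // conflicting values block
  if (xfo.has("deny")) return false;
  if (xfo.has("sameorigin")) return ancestors.every((a) => a === self);
  return true; // header absent, or a lone unrecognised value such as ALLOW-FROM
}

// Constructed inputs based on the header values quoted on this page.
const page = "https://cw.na1.hgncloud.com/crossmatch/";
const both = {
  "content-security-policy": "frame-ancestors 'self' https://cw.na1.hgncloud.com",
  "x-frame-options": "ALLOW-FROM https://cw.na1.hgncloud.com",
};
console.log("same-origin parent:", framingAllowed(both, page, ["https://cw.na1.hgncloud.com"]));
console.log("other parent:", framingAllowed(both, page, ["https://other.example"]));
console.log("two XFO values:", framingAllowed({ "x-frame-options": "SAMEORIGIN, GOFORIT" }, page, ["https://cw.na1.hgncloud.com"]));
```

In this model a lone `ALLOW-FROM` value is ignored, so a site that needs to permit specific framing origins has to state them in `frame-ancestors`.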


