Certain URL is not loading in iFrame - can't figure out why

Hello colleagues,

I want to include a Wordpress blog that has been created on a subdomain of one of my websites with the use of an iframe stack in a certain project. (Reason: I couldn’t do in RW what my client expected from this subdomain)

I can’t figure out why the blog is not seen in my iframe page - other URLs are working.

Here the blog I want to include: http://prophetie.rundertisch.at
Here my test site with the RW iframe-page: http://ph1.pro-homine.at/iframe/
Here with another iframe stack called niceframe viewport: http://ph1.pro-homine.at/page-2/

The strange thing: In the edit mode of the RW iframe page I see the content of the blog website I want to import, but a blank page in preview.

For any hints as to where my blind spot is I am grateful to the community… Thanks in advance.

Franz

There is an error:
Refused to display ‘http://prophetie.rundertisch.at/’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.

That means that they have set the header to SAMEORIGIN which means that they have disallowed loading of the resource in an iframe outside of their domain. So this iframe is not able to display cross domain

1 Like

How can this be changed? I am the owner of the sub-domain on which this WP-blog is located, so this should be possible. But who can remove this SAMEORIGIN header, and where?

BTW, thank you for explaining the reason for the not-showing to me!

Franz

here is one way I believe you can also do it with your .htaccess file. Google is your friend.

2 Likes

I’ve seen this issue crop up a couple of times here and there, so will offer what I think I know about it. Its a bit of a stinker though.

Short version:
The website owner has taken steps to prevent http://prophetie.rundertisch.at/ from being rendered in an iFrame on anything apart from on the site itself (SAMEORIGIN). This was achieved by the site owner by configuring X-Frame Options in their WebServer config.

Longer Version:
Chrome inspector tells us what has happened:

Thats the smoking gun. It’s telling us right there that the site has refused our request.

We can verify that the X-Frame Option is set by looking at the header in the network tools:

You can find out more about X-Frame options and how they can be implemented here:-

Feeling brave and not ready to give up? Well, there do seem to be some possible work arounds depending on how deep you are prepared to go. This one caught my eye:
https://blog.elev.io/getting-around-the-x-frame-options-to-sameorigin-issue/

Best of luck!

2 Likes

Ha! @swilliam beat me to it. Ah well…

1 Like

Thank you, guys,

for your help.

@Scott: Where do I need to put this code <?php header('X-Frame-Options: GOFORIT'); ?> in order for it to work?

@Stuart: Does that mean that if the WP-installation would not be in the subdomain but rather in a new folder on the same domain, that it would function? Would this be advisable or do I get into other troubles if I tried that? (I guess this could likely be a disaster of two people were working on the same directory, one with a WP installation, the other with RW…?) But just to clarify in my thinking whether I understood the basics.

@all: Which alternative solutions do you see to include the WP blog into a RW page than using iframe?

Thanks, I appreciate your help.

Franz

according to the article you put it in the wp page template.

There is a plug-in I have no clue if it works in RW 7 ask around on the forum. I used it once back in RW 5 and it worked great.

1 Like

@Franz
If it is your WP site and your domain then perhaps the simplest approach would be to ask your hosting company to remove the X-Frame option thats causing the block.

2 Likes

I am rendering another webpage into iframe using curl getting same origin issues while clicking on some div
I have tried with <?php header('X-Frame-Options: GOFORIT'); ?>

Can u help us regarding this issue