Reputation: 609
I was trying to build a sample Facebook Canvas application.
I have created the app in Facebook Developer and created a new platform inside Facebook Canvas.
I have given the Canvas Secure URL as https://www.google.co.in/, https://www.audiotube.com/, https://bitbucket.org
So I opened the app page, which is not loading the data:
https://apps.facebook.com/521031588051793
But if I use other HTTPS websites, it will load, e.g. https://eatwater.co.uk
Upvotes: 0
Views: 69
Reputation: 1064
X-Frame-Options is a relatively new web feature that prevents malicious attacks like framesniffing or clickjacking. New development frameworks such as MVC5 provide out-of-the-box support for this. If the X-Frame-Options response header is set to SAMEORIGIN, it means the page can only be included in an iframe in a web site that is in the same domain as the requested page.
Other options are:
DENY: no page can use the requested page as an iframe.
ALLOW-FROM: http://www.example.com: only allows from the example.com domain. Keep in mind, though, that this is not supported in Chrome and Safari browsers.
So to answer your question, the sites you are including in your canvas app are requested by apps.facebook.com to fill an iframe, and the browser blocks the request because these sites' configuration is set to SAMEORIGIN.
Take a look at this blog post.
Upvotes: 1
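The decision the answer describes, as an added example that is not part of the original answer: it models how a browser applies an X-Frame-Options value when one page frames another directly. The function names are hypothetical, and the header values attached to the sample URLs are constructed for illustration, not captured from those sites.

```javascript
// Added example: models how a browser applies X-Frame-Options to one iframe
// nested directly in a parent page. Function names are hypothetical.

// Split "DIRECTIVE [origin]" into its parts; null when the header is absent.
function parseXfo(value) {
  if (value == null || value.trim() === "") return null;
  const [directive, origin = null] = value.trim().split(/\s+/);
  return { directive: directive.toUpperCase(), origin };
}

function sameOrigin(a, b) {
  try { return new URL(a).origin === new URL(b).origin; }
  catch { return false; } // an unparsable URL never matches
}

// Returns "allowed", "blocked" or "header-ignored" (page renders, header had no effect).
// allowFromSupported = false models browsers without ALLOW-FROM support.
function framingVerdict(framedUrl, parentUrl, xfoValue, allowFromSupported = false) {
  const xfo = parseXfo(xfoValue);
  if (!xfo) return "allowed"; // no header: X-Frame-Options imposes no restriction
  switch (xfo.directive) {
    case "DENY":
      return "blocked";
    case "SAMEORIGIN":
      return sameOrigin(framedUrl, parentUrl) ? "allowed" : "blocked";
    case "ALLOW-FROM":
      if (!allowFromSupported || !xfo.origin) return "header-ignored";
      return sameOrigin(xfo.origin, parentUrl) ? "allowed" : "blocked";
    default:
      return "header-ignored"; // unknown directive: treated as if not sent
  }
}

// Constructed samples: header values are assumed for illustration, not captured.
const CANVAS = "https://apps.facebook.com/521031588051793";
const SAMPLES = [
  { url: "https://www.google.co.in/", xfo: "SAMEORIGIN" },
  { url: "https://eatwater.co.uk/", xfo: null },
  { url: "https://www.example.com/", xfo: "ALLOW-FROM https://apps.facebook.com" },
];

function auditCanvas(parentUrl, samples) {
  return samples.map((s) => ({ url: s.url, verdict: framingVerdict(s.url, parentUrl, s.xfo) }));
}

console.log(auditCanvas(CANVAS, SAMPLES));
```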