Refused to display 'URL' in a frame because it set 'x-frame-options' is set to 'deny'. But i am not using iFrame

Question

Refused to display 'https://pb-dev.testsite.com/portal/file.pdf#page=1' in a frame because it set 'x-frame-options' is set to 'deny'. Problem is I am not using iFrame. I am using embed tag in my html.

Image URL : https://pb-dev.testsite.com/portal/file.pdf#page=1 Site : https://pb-dev.testsite.com

The webapp is installed on a remote windows machine where the image shows without any issue but if i try to access the same URL from my local machine, it gives me the mentioned error.

Issue is happening on all the browsers and the error is same. I am also aware about a google chrome extension(https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe) which will disable the security on Chrome but i looking for more of a permanent solution.

<td width="40%">
<embed src="https://pb-dev.testsite.com/portal/file.pdf#page=1" type="application/pdf" width="100%" height="600px" id ="fileURL" />
</td>

My end goal is to have image loaded even from my local network. Bear in mind that this is not a network issue. Rest of the functionality and header footer images which are present on the remote windows server are loading properly.

Answer 1

Please set X-Frame-Options to sameorigin instead of deny in your server. For more details please have a look at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options