froopydoop
Reputation: 95
chrome doesn't seem to respect X-Frame-Options
I was working on a project and there is an iframe that opens in it. It was refusing to open with the message:
Refused to display 'https://www.example.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
So, I updated X-Frame-Options to "SAMEORIGIN", but it still denies me in chrome. I did a hard refresh, and I checked the headers from the server. The headers indeed show "SAMEORIGIN" for X-Frame-Options.
I opened up firefox, and the page works fine.
Is Chrome caching the old X-Frame-Option value, even though it shows me the correct one? If so, is there a way to get Chrome to forget about it?
Upvotes: 0
Views: 172
Answers (0)
Related Questions
- Removing input background colour for Chrome autocomplete?
- How to manually send HTTP POST requests from Firefox or Chrome browser
- Disable same origin policy in Chrome
- How do I get ASP.NET Web API to return JSON instead of XML using Chrome?
- Getting around X-Frame-Options DENY in a Chrome extension?
- Disabling Chrome cache for website development
- Overcoming "Display forbidden by X-Frame-Options"
- X-Frame-Options: ALLOW-FROM in firefox and chrome