拒绝在框架中显示,因为它将“X-Frame-Options"设置为“SAMEORIGIN" [英] Refused to display in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'
问题描述
我正在开发一个应该具有响应性的网站,以便人们可以通过手机访问它.该网站有一些安全部分,可以使用 Google、Facebook 等 (OAuth) 登录.
I am developing a website that is supposed to be responsive so that people can access it from their phones. The site has got some secured parts that can be logged into using Google, Facebook, ...etc (OAuth).
服务器后端使用 ASP.Net Web API 2 开发,前端主要是 AngularJS 和一些 Razor.
The server backend is developed using ASP.Net Web API 2 and the front end is mainly AngularJS with some Razor.
对于身份验证部分,在包括 Android 在内的所有浏览器中一切正常,但 Google 身份验证在 iPhone 上不起作用,它给了我这个错误消息
For the authentication part, everything is working fine in all browsers including Android but the Google authentication is not working on iPhone and it gives me this error message
Refused to display 'https://accounts.google.com/o/openid2/auth
?openid.ns=http://specs.openid.ne…tp://axschema.org/namePerson
/last&openid.ax.required=email,name,first,last'
in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
现在就我而言,我的 HTML 文件中没有使用任何 iframe.
Now as far I am concerned I do not use any iframe in my HTML files.
我用谷歌搜索,但没有答案让我解决问题.
I googled around, but no answer got me to fix the issue.
推荐答案
O.K.在这篇SO帖子的帮助下花了更多时间之后
O.K. after spending more time on this with the help of this SO post
在发布到 google URL 之前,我通过在 url 末尾添加 &output=embed 来解决这个问题:
I managed to solve the issue by adding &output=embed to the end of the url before posting to the google URL:
var url = data.url + "&output=embed";
window.location.replace(url);
这篇关于拒绝在框架中显示,因为它将“X-Frame-Options"设置为“SAMEORIGIN"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
