X-Frame-Options is Deny - how to fix it?



I’m learning to create and authorize a facebook login.

I am not able to reach it because of this error:
Refused to display … in a frame because it set ‘X-Frame-Options’ to ‘DENY’.

I did not know that I was calling for a frame, I just wanted the session id.

How can I fix this?


+1, I’d like to preview an app that redirects to an identity provider for authentication. Currently, have to open it in a separate browser tab (granted, it does store auth tokens for this c9 origin, so only need to do that once in a while). But it is inconvenient when testing the login functionality itself.


X-Frame-Options Deny is set by the page you are trying to open, unfortunately cloud9 can’t do anything to modify it.


That seems strange, because when I open the same page in a regular tab it doesn’t report this error. That’s why I thought it was imposed by Cloud9 IDE window.


X-Frame-Options Deny means that the site doesn’t allow loading itself in an iframe, so browser doesn’t load it in the preview tab in cloud9, which uses an iframe.


I see - thank you for clarifying it. I’ll configure it on our end then.

EDIT: Actually it doesn’t seem possible to control these in our case, since the provider of the authentication page chose to supply those headers (not us). In any case, this is useful info.