openstreetmap/copyright barred from loading in a frame

Ian Dees ian.dees at
Sat Feb 14 15:23:37 UTC 2015

On Sat, Feb 14, 2015 at 10:21 AM, Tom Hughes <tom at> wrote:

> On 14/02/15 15:19, Richard Mann wrote:
>  If you look at the test webpage that I posted and click on the
>> OpenStreetMap hyperlink, it does nothing in Chrome/Firefox and in IE
>> brings up the following:
>> "This content cannot be displayed in a frame
>> To help protect the security of information you enter into this website,
>> the publisher of this content does not allow it to be displayed in a
>> frame."
>> A bit of googling revealed that some websites do this to prevent
>> transparent buttons being maliciously placed on top of the content
>> (clickjacking). So I figured it must have been done deliberately. But
>> maybe not! Mysterious.
> I'm not doubting that your page does that, but I can load that page until
> I'm blue in the face and it tells me nothing about why it is doing it or
> how we control it!

Tom, I think the secret is that he wants you to click the "OpenStreetMap"
link on that page. It's supposed to load inside the iframe but doesn't.

Chrome tells me:
"Refused to display '' in a frame
because it set 'X-Frame-Options' to 'SAMEORIGIN'."

Sure enough, it looks like the X-Frame-Options header from the rails app is
set to "SAMEORIGIN", which the browser apparently uses as a signal to
prevent it from loading.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the rails-dev mailing list