openstreetmap/copyright barred from loading in a frame
richard.mann.westoxford at gmail.com
Sat Feb 14 15:27:22 UTC 2015
Stackoverflow has this:
On Sat, Feb 14, 2015 at 3:23 PM, Ian Dees <ian.dees at gmail.com> wrote:
> On Sat, Feb 14, 2015 at 10:21 AM, Tom Hughes <tom at compton.nu> wrote:
>> On 14/02/15 15:19, Richard Mann wrote:
>> If you look at the test webpage that I posted and click on the
>>> OpenStreetMap hyperlink, it does nothing in Chrome/Firefox and in IE
>>> brings up the following:
>>> "This content cannot be displayed in a frame
>>> To help protect the security of information you enter into this website,
>>> the publisher of this content does not allow it to be displayed in a
>>> A bit of googling revealed that some websites do this to prevent
>>> transparent buttons being maliciously placed on top of the content
>>> (clickjacking). So I figured it must have been done deliberately. But
>>> maybe not! Mysterious.
>> I'm not doubting that your page does that, but I can load that page until
>> I'm blue in the face and it tells me nothing about why it is doing it or
>> how we control it!
> Tom, I think the secret is that he wants you to click the "OpenStreetMap"
> link on that page. It's supposed to load inside the iframe but doesn't.
> Chrome tells me:
> "Refused to display 'http://www.openstreetmap.org/copyright' in a frame
> because it set 'X-Frame-Options' to 'SAMEORIGIN'."
> Sure enough, it looks like the X-Frame-Options header from the rails app
> is set to "SAMEORIGIN", which the browser apparently uses as a signal to
> prevent it from loading.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the rails-dev