This is a migrated thread and some comments may be shown as answers.

Access denied error when trying to access cross domain site through iFrame

1 Answer 1176 Views
General Discussions
This is a migrated thread and some comments may be shown as answers.
Naidu
Top achievements
Rank 1
Naidu asked on 12 Jun 2013, 10:04 AM

Hi,

 when opened the below URL in IFrame we are getting the below mentioned Error

URL:http://50.194.126.152/index.php?action=Authenticate.login

Error: Load denied by X-Frame-Options: http://50.194.126.152/index.php?action=Authenticate.login does not permit cross-origin framing.

we are using IIS 7.5 ,visual studio 2010,windows 7 and Telerik rad controls trail version

Please anybody help me.

Best Regards
Suleak
Top achievements
Rank 1
commented on 22 Nov 2022, 10:56 AM

We are having similar issue.  Is anyone having answer on this?
Doncho
Telerik team
commented on 24 Nov 2022, 09:07 AM

Hi Suleak,

I have answered the formal support ticket you have opened on the same topic. For transparency, I am pasting my answer here as well.

1 Answer, 1 is accepted

Sort by
0
Doncho
Telerik team
answered on 24 Nov 2022, 09:06 AM

The error in question is the result of a conflict with the browser security rules.

Nowadays browsers have tightened their security and you cannot seamlessly load web pages in an iframe like https://www.google.com and https://www.telerik.com because this leads to an 'X-Frame-Options'  error.

For example, try placing this tag on any random aspx.html page

<iframe src="https:/www.google.com"></iframe>

this error will be thrown in the console:

Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

More details about the X-Frame-Option setup can be found at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options.

In short, this setting specifies whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>.

If you manage to overcome this browser limitation with an iframe, you will be able to achieve it with RadWindow too. When RadWindow is configured to use its NavigateURL property it renders the page in an iframe and this scenario is the same as adding an iframe on the page and setting the src to the URL you have. 

If you get the same errors, this is a default browser behavior due to its security. You will need to research your site setup and update the frame settings for the site you are loading.

Kind regards,
Doncho
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Tags
General Discussions
Asked by
Naidu
Top achievements
Rank 1
Answers by
Doncho
Telerik team
Share this question
or