X-Frame-Options ignored in Chrome / Firefox. IE works

sharepoint.stackexchange https://sharepoint.stackexchange.com/questions/103159

Question

I have a simple PageViewer Webpart loading mysites. This displays in an iFrame within IE but doesn't display in Chrome or Firefox.

I have tried adding the following to my MasterPage:

<meta name="X-FRAME-OPTIONS" content="ALLOW-FROM" />
<!--SPM:<WebPartPages:AllowFraming runat="server" />-->

I have also tried adding the following in IIS (on both mysites and host site collection):

X-Frame-Options = SAMEORIGIN
X-Frame-Options = ALLOWALL

None of which work in Chrome or Firefox. I am getting this error in Chrome:

Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, ALLOWALL') encountered when loading 'htp://siteURL:2000'. Falling back to 'DENY'.

Shouldn't it work with SAMEORIGIN if the 2 site collections are on the same server / web application, just a different port? Where can I impact the original setting?

Was it helpful?

Solution

Turns out I had to enable this at the Master page level (of the source trying to load within the iFrame):

<WebPartPages:AllowFraming runat="server" ></WebPartPages:AllowFraming>

Hope this helps someone.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange
scroll top