Facebook Canvas Not loading Url Even if it has SSL
Question
I was trying to do some sample facebook canvas application,
I have created the app in Facebook developer and created new platform in side facebook canvas.
I have give Canvas secure Url as https://www.google.co.in/ , https://www.audiotube.com/ , https://bitbucket.org
SO I opened the app page which is not loading the data
https://apps.facebook.com/521031588051793
But If I use other https websites means It will load for ex. https://eatwater.co.uk
1 answers
solution1
1 2015-12-07 09:18:48
X-Frame-Options is a relatively new web feature that prevents malicious attacks like framesniffing or clickjacking . New development frameworks such as MVC5 provide out of the box support for this. If the X-FrameOptions response header is set to SAMEORIGIN it means the page can only be included in an iframe in a web site that is in the same domain with the requested page.
other options are:
DENY : no page can use the requested page as an iframe. ALLOW-FROM: http://www.example.com : only allows from the example.com domain. have in mind though this is not supported in chrome and safari browsers.
So to answer your question, the sites you are including in your canvas app are requested by apps.facebook.com to fill an iframe , and the browser blocks the request because these sites' configuration is set to SAMEORIGIN .
take a look at this blog post .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.