3

Refused to display 'http://sotaexchange.cloudapp.net/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

I redirect my domain sotaexchange.com to a Discourse forum but get the above error. If I switch it to an HTTP redirect there is no problem. I assume the problem is because my redirected-to domain has the same text as the original domain and looks like trickery - what can I do to prevent this?

Edit

I am opening a bounty to get a better answer. For more info, I am currently using Windows Azure to host the Discourse site and redirecting from a few other domains that I own. I don't want to use an HTTP redirect, I would like to use the Frame redirect.

PW Kad

2 Answers

1

The same origin policy requires that the document or script doing the accessing (the parent) have the same protocol, port, and domain as the resource it's accessing (the child).

If I understand correctly, you have a frame in a page on the domain sotaexchange.com, and it's trying to display content from the domain sotaexchange.cloudapp.net. This violates the same origin policy, and many browsers will reject it. A regular HTTP redirect should always be ok.

pieman72
  • Your answer is basically just restating what I said in the problem. I am looking for answers that provide the ability to get around this issue or offer some insight that leads to a solution. – PW Kad Feb 24 '14 at 14:45
  • Sorry if the first answer is not what you're looking for. This browser behavior is not an "issue", but a security feature, so it's difficult to get around it. It would be helpful if you could post some of the redirect code you're using, but without seeing it, I might suggest [message passing](https://developer.mozilla.org/en-US/docs/Web/API/Window.postMessage). Some discussion here: http://stackoverflow.com/questions/7479246/passing-messages-from-iframe-across-all-browsers – pieman72 Mar 01 '14 at 05:59
  • As I posted in my question I am using a frame redirect so there is no code to post. Perhaps if you posted something along the lines of - 'This violates the same origin policy because of x and y and avoid this to allow it to work' then this might be a suitable answer. – PW Kad Mar 03 '14 at 14:40
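
An added example (not code from the question, the answers, or Discourse) that models, in simplified form, the check behind the error quoted in the question: with `X-Frame-Options: SAMEORIGIN`, a page may be framed only when every ancestor document shares its protocol, host and port. The function name and return shape are hypothetical, and a `Content-Security-Policy` `frame-ancestors` directive is not modelled.

```javascript
// Simplified model of a browser's X-Frame-Options decision (illustrative only).
// framedUrl:    URL of the response being loaded into the frame
// ancestorUrls: URLs of every document above the frame, parent first
// xfoHeader:    raw X-Frame-Options value sent with framedUrl, or null if absent
function framingDecision(framedUrl, ancestorUrls, xfoHeader) {
  if (xfoHeader == null) {
    return { allowed: true, reason: 'no X-Frame-Options header' };
  }
  const value = xfoHeader.trim().toLowerCase();
  if (value === 'deny') {
    return { allowed: false, reason: 'DENY forbids all framing' };
  }
  if (value === 'sameorigin') {
    // URL.origin is scheme + host + port, with default ports normalised away.
    const framedOrigin = new URL(framedUrl).origin;
    for (const ancestor of ancestorUrls) {
      const ancestorOrigin = new URL(ancestor).origin;
      if (ancestorOrigin !== framedOrigin) {
        return {
          allowed: false,
          reason: `ancestor ${ancestorOrigin} is not same origin as ${framedOrigin}`,
        };
      }
    }
    return { allowed: true, reason: 'every ancestor is same origin' };
  }
  // Assumption of this model: any other value is ignored.
  return { allowed: true, reason: 'unrecognised value ignored' };
}

// Constructed cases; the first uses the two hosts named in the question.
const forum = 'http://sotaexchange.cloudapp.net/';
const cases = [
  ['frame redirect from other domain', ['http://sotaexchange.com/'], 'SAMEORIGIN'],
  ['framed by the forum itself', ['http://sotaexchange.cloudapp.net/about'], 'SAMEORIGIN'],
  ['same host, different protocol', ['https://sotaexchange.cloudapp.net/'], 'SAMEORIGIN'],
  ['same host, different port', ['http://sotaexchange.cloudapp.net:8080/'], 'SAMEORIGIN'],
];
for (const [label, ancestors, header] of cases) {
  const { allowed, reason } = framingDecision(forum, ancestors, header);
  console.log(`${label}: ${allowed ? 'displayed' : 'refused'} (${reason})`);
}
```

An HTTP redirect passes because the browser navigates the top-level window to the forum, so no cross-origin ancestor exists to compare against.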
1

It looks like you are trying to mask the URL of the forum. Why don't you use the CNAME feature? See CNAME on Azure for more info.

Terry Kernan