6

I'm developing a Messenger application featuring wevbiews

It used to work fine on web but at some point it started showing this:

Refused to display 'https://www.messenger.com/t/EAPdevelopment?fb_iframe_origin=https%3A%2F%2Fwww.messenger.com' in a frame because it set 'X-Frame-Options' to 'deny'.

I have no idea what could go wrong, moreover, I've always sent this:

header('X-Frame-Options: ALLOW-FROM https://www.messenger.com/');
header('X-Frame-Options: ALLOW-FROM https://www.facebook.com/');

to server anyway.

How is is possible to resolve this issue?

Арсен Гоян
  • 330
  • 4
  • 14
  • 1
    Recently it started showing the same error for me too. – Bence Gedai Jan 18 '18 at 12:55
  • 2
    I'm having the same problem myself. What bugs me is that the following bot exhibit the same issue: https://www.messenger.com/t/MessengerTaskBot I suspect the issue to be on Facebook side. I found the following github ticket which describes the same issue (blank webview iframe) which might need reopening, but it doesn't mention the `X-Frame-Options` error message. https://github.com/fbsamples/messenger-bot-samples/issues/15 – Romain G Jan 18 '18 at 16:25
  • 3
    Actually several people have this issue, probably Facebook messed up something. Here's an official bug report: https://developers.facebook.com/bugs/147147746075305/ – Bence Gedai Jan 18 '18 at 19:21
  • Do you add those two lines in the `php` file that the `iframe` navigates to? – n1nsa1d00 Mar 22 '18 at 19:10
  • @MarcoDufal, essentially, that's the only place you should actually add them. – Арсен Гоян Mar 22 '18 at 19:39
  • @АрсенГоян I currently don't have them and my pages display just fine.. I was having an initial bug as I had some incorrect `javascript`, but once fixed everything displays fine as in the webview from the mobile app... I wonder now if they are essential.. – n1nsa1d00 Mar 22 '18 at 19:45
  • @MarcoDufal if it displays fine, you don't have to send the headers. The bug must have been resolved by making them optional or whatever. – Арсен Гоян Mar 23 '18 at 17:27

1 Answers1

0

Actually, facebook website has this issue, on messenger app its working fine. So they have bug on their site which they have resolved and will push on production in some time.

As mentioned in the facebook developer forum https://developers.facebook.com/bugs/147147746075305/

joseantgv
  • 1,943
  • 1
  • 26
  • 34
vivek
  • 32
  • 2
  • Creative answer based on my comment. – Bence Gedai Jan 19 '18 at 07:41
  • @BenceGedai According to my interaction with Facebook developers team this morning, they have checked the bug from their end and resolved it. They are going to push the change in Production and it will be reflected soon. I am enlightening the users about the situation and the steps taken by facebook regarding this, which is more elaborate than what you are saying in the 1 liner. – vivek Jan 19 '18 at 09:45
  • Yeah, it turned out they already fixed it. Thanks everyone for keeping up to date – Арсен Гоян Jan 19 '18 at 13:44
  • we are still facing this issue in android webview – Touqeer Shafi Jan 31 '19 at 13:14