X-Frame Options to Deny
Reported by
dipendra...@spiralogics.com,
Jul 24 2017
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 Steps to reproduce the problem: 1. use chrome version 59.0.3071.115. 2. set up an iframe containing an external site 3. The external site must have exporting functionality What is the expected behavior? The file should have downloaded What went wrong? The file does not download. It gives network error with flattened as a message. Did this work before? N/A Does this work in other browsers? Yes Chrome version: 59.0.3071.115 Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version:
,
Jul 24 2017
Thanks for the report, Could you please provide a sample test case to check this issue from Chrome-TE end? Thanks!
,
Jul 24 2017
,
Jul 24 2017
Thanks for the feedback.However, I do not have the sample test case.The problem is in the production.I have the below error response. "Refused to display in a frame because it set X-frame Options to deny " and "net ::ERR_blocked_by_response" errors. Thank You
,
Jul 24 2017
Thank you for providing more feedback. Adding requester "brajkumar@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 24 2017
#4 - so can you create one? That would verify that both of the server and the browser are working (or not) as expected.
,
Jul 24 2017
Sorry, I can't create one. However,the server is fine.The functionality is working in other versions of chrome.It's not working in the latest version of chrome 59.0.3071.115.
,
Jul 24 2017
#7 - sorry, but without seeing it, I cannot assume that the server is fine. For example, you might have always used it incorrectly (added a semicolon somewhere, or used a semicolon instead of a comma, as an example of things that are often overlooked) and Chrome was unofficially too forgiving about it and now it does not. In that case, you might need to fix your server and Chrome might stay stricter. Hopefully, the information you provided will be enough, but if you want to expedite things, proving a test URL will go a long way towards that goal.
,
Jul 24 2017
Also, I do not quite understand the steps. What does "The external site must have exporting functionality" mean? What file do you expect to download?
,
Jul 24 2017
It means the site should be able to export something in an excel file.So, I am expecting an excel file.
,
Jul 24 2017
So is it something like data:text/html,<!doctype html><iframe src="http://product.corel.com/en/draw/10/Tutorials/Draw/html_docs/htmlpics/final_logo.cdr"></iframe> Because it seems to work. Are you sure the external server does not define X-Frame-Options: deny?
,
Jul 24 2017
Yes, the html is like the one you specified.But I am not sure if the X-Frame options has been set to deny.Is the new version of chrome strict in this regard. If it is so, then how should it be defined ?
,
Jul 24 2017
Please, close down the issue.The problem seems to be related to multiple config files in the server. Thank You for the support
,
Jul 24 2017
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by nyerramilli@chromium.org
, Jul 24 2017