
Issue 747767


Issue metadata

Status: WontFix
Owner: ----
Closed: Jul 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug




X-Frame Options to Deny

Reported by dipendra...@spiralogics.com, Jul 24 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36

Steps to reproduce the problem:
1. Use Chrome version 59.0.3071.115.
2. Set up an iframe containing an external site.
3. The external site must have exporting functionality.

What is the expected behavior?
The file should have downloaded

What went wrong?
The file does not download. It gives network error with flattened as a message.

Did this work before? N/A 

Does this work in other browsers? Yes

Chrome version: 59.0.3071.115  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
 
Labels: Needs-Triage-M59
Cc: brajkumar@chromium.org
Labels: Needs-Feedback
Thanks for the report. Could you please provide a sample test case to check this issue from the Chrome-TE end?

Thanks!
Components: Blink>SecurityFeature>XFrameOptions
Thanks for the feedback. However, I do not have the sample test case. The problem is in production. I have the below error response.

"Refused to display in a frame because it set X-frame Options to deny " and "net ::ERR_blocked_by_response" errors. 

Thank You
Project Member

Comment 5 by sheriffbot@chromium.org, Jul 24 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "brajkumar@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 6 by phistuck@gmail.com, Jul 24 2017

#4 - so can you create one? That would verify that both of the server and the browser are working (or not) as expected.
Sorry, I can't create one.

However, the server is fine. The functionality is working in other versions of Chrome. It's not working in the latest version of Chrome, 59.0.3071.115.

Comment 8 by phistuck@gmail.com, Jul 24 2017

#7 - sorry, but without seeing it, I cannot assume that the server is fine. For example, you might have always used it incorrectly (added a semicolon somewhere, or used a semicolon instead of a comma, as an example of things that are often overlooked) and Chrome was unofficially too forgiving about it and now it does not. In that case, you might need to fix your server and Chrome might stay stricter.

Hopefully, the information you provided will be enough, but if you want to expedite things, providing a test URL will go a long way towards that goal.

Comment 9 by phistuck@gmail.com, Jul 24 2017

Also, I do not quite understand the steps.

What does "The external site must have exporting functionality" mean?
What file do you expect to download?
It means the site should be able to export something in an Excel file. So, I am expecting an Excel file.

Comment 11 by phistuck@gmail.com, Jul 24 2017

So is it something like
data:text/html,<!doctype html><iframe src="http://product.corel.com/en/draw/10/Tutorials/Draw/html_docs/htmlpics/final_logo.cdr"></iframe>

Because it seems to work. Are you sure the external server does not define X-Frame-Options: deny?
Yes, the HTML is like the one you specified. But I am not sure if the X-Frame options has been set to deny. Is the new version of Chrome strict in this regard? If it is so, then how should it be defined?
Please close down the issue. The problem seems to be related to multiple config files in the server.

Thank You for the support
Status: WontFix (was: Unconfirmed)
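
The thread ends on "multiple config files" and earlier raises malformed header values, so the following added example (not code from the thread or from Chromium) evaluates a set of X-Frame-Options header lines and reports whether framing would be blocked. It assumes the rules of the HTML Standard's X-Frame-Options check rather than Chrome 59's exact behaviour, ignores any CSP frame-ancestors directive, and uses constructed header samples; the function names are hypothetical.

```python
# Added example: evaluate X-Frame-Options response header lines.
# Assumption: logic follows the HTML Standard's framing check, not Chrome 59 source.
RECOGNIZED = {"deny", "sameorigin", "allowall"}


def split_values(header_lines):
    """Flatten header lines into unique lowercase tokens; a line may be a comma list."""
    tokens = []
    for line in header_lines:
        for token in line.split(","):
            token = token.strip().lower()
            if token and token not in tokens:
                tokens.append(token)
    return tokens


def framing_decision(header_lines, same_origin=False):
    """Return (decision, reason) for rendering the response inside a frame."""
    values = split_values(header_lines)
    if not values:
        return "allow", "no X-Frame-Options header"
    if len(values) > 1:
        # Several distinct values: any recognized one makes the set conflicting.
        if RECOGNIZED.intersection(values):
            return "block", "conflicting values: " + ", ".join(values)
        return "allow", "no recognized value, header ignored"
    if values[0] == "deny":
        return "block", "deny"
    if values[0] == "sameorigin":
        return ("allow" if same_origin else "block"), "sameorigin"
    if values[0] == "allowall":
        return "allow", "allowall"
    return "allow", "unrecognized value '%s', header ignored" % values[0]


# Constructed samples (not taken from the report), evaluated for cross-origin framing.
SAMPLES = {
    "single deny": ["DENY"],
    "two config layers each add a header": ["SAMEORIGIN", "DENY"],
    "same value emitted twice": ["SAMEORIGIN", "SAMEORIGIN"],
    "stray semicolon": ["SAMEORIGIN;"],
    "comma list in one line": ["sameorigin, deny"],
}

if __name__ == "__main__":
    for name, lines in SAMPLES.items():
        print(name, "->", framing_decision(lines))
```

Feeding it the header lines actually returned by the framed URL (for example as shown in the DevTools Network panel) shows whether overlapping server configuration has produced a conflicting or malformed header.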
