Player card refuses to play referring to 'X-Frame-Options' with 'deny' while it's actually ALLOW-FROM https://twitter.com/



Description of issue:
When using a Twitter player card, the card fails to play, resulting in the error:
Refused to display 'https://www.spokenedition.com/iframe/AWB0QuAhvmL3ioi5_FtD?autoplay=1&auto_play=true' in a frame because it set 'X-Frame-Options' to 'deny'.
Whereas the X-Frame-Options header sent by the page is:
X-Frame-Options: ALLOW-FROM https://twitter.com/

Could it be due to the fact that the URL (https://www.spokenedition.com/iframe/AWB0QuAhvmL3ioi5_FtD) itself loads another iframe which doesn't have an X-Frame-Options header at all?

URL affected (must be public):

Troubleshooting steps attempted [note that we will not prioritise posts unless there is evidence of following the troubleshooting guides]:
The page with the Twitter card was approved by the validation system and is a very simple one with just an image and the player itself (the audio player JS library is loaded via an iframe, as mentioned above).

P.S. In confirmation of my theory that the issue is with the second, inception-like iframe: on a page where we have a player load error (https://www.spokenedition.com/iframe/AWB0QrYkuXhGZDLBmKfM), the player page loads perfectly fine.

P.P.S. Interesting thing - everything's working now and I did nothing for it to change. It'd be great if anyone could shed some light on the X-Frame-Options issue that I described - why it happens/happened and why it's not present now =)
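
An added example, not part of the original post: a small checker that applies the X-Frame-Options rules of the current HTML Standard to each response in a nested frame chain, so the outer player page and the inner iframe can be evaluated separately. The header sets are constructed, the inner URL is a placeholder, and it assumes no CSP frame-ancestors directive is present (that would take precedence over X-Frame-Options).

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) of a URL, with default ports filled in."""
    p = urlsplit(url)
    return (p.scheme, (p.hostname or "").lower(),
            p.port or {"http": 80, "https": 443}.get(p.scheme))

def xfo_allows(headers, frame_url, ancestor_urls):
    """Return (allowed, reason) for one framed response; headers is a list of (name, value)."""
    values = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            # The header may be repeated, or comma-joined by an intermediary.
            values.update(v.strip().lower() for v in value.split(",") if v.strip())
    if not values:
        return True, "no X-Frame-Options header"
    if len(values) > 1:
        if values & {"deny", "sameorigin", "allowall"}:
            return False, "conflicting values, treated as deny: %s" % sorted(values)
        return True, "only unrecognised values, header ignored"
    value = next(iter(values))
    if value == "deny":
        return False, "deny"
    if value == "sameorigin":
        same = all(origin(a) == origin(frame_url) for a in ancestor_urls)
        return same, "sameorigin"
    return True, "unrecognised value %r, header ignored" % value

# Constructed sample responses. INNER is a placeholder URL, and the duplicate-header
# case only illustrates the rule; it is not a claim about what this site sent.
PARENT = "https://twitter.com/"
OUTER = "https://www.spokenedition.com/iframe/AWB0QuAhvmL3ioi5_FtD"
INNER = "https://player.example/embed"
ALLOW = ("X-Frame-Options", "ALLOW-FROM https://twitter.com/")
SAMPLES = {
    "outer, ALLOW-FROM only": (OUTER, [PARENT], [ALLOW]),
    "outer, duplicate header with DENY": (OUTER, [PARENT], [ALLOW, ("x-frame-options", "DENY")]),
    "inner, no header": (INNER, [OUTER, PARENT], []),
}

def audit(samples=SAMPLES):
    """Evaluate every sample response against its ancestor chain."""
    return {name: xfo_allows(h, url, anc) for name, (url, anc, h) in samples.items()}

if __name__ == "__main__":
    for name, (ok, why) in audit().items():
        print("%-36s %-7s %s" % (name, "allowed" if ok else "refused", why))
```

To use it on a live page, feed it the raw header list captured for each frame's own response (for example from the browser's network panel), keeping duplicates.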

