Description of issue:
When using twitter player card, the card fails to play resulting in error
Refused to display ‘https://www.spokenedition.com/iframe/AWB0QuAhvmL3ioi5_FtD?autoplay=1&auto_play=true’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.
Whereas, the X-Frame-Options sent by the page are
X-Frame-Options: ALLOW-FROM https://twitter.com/
Could it be due to the fact that the url (https://www.spokenedition.com/iframe/AWB0QuAhvmL3ioi5_FtD) itself loads another iframe which doesn’t have X-Frame-Options header at all ?
URL affected (must be public):
Troubleshooting steps attempted [note that we will not prioritise posts unless there is evidence of following the troubleshooting guides]:
The page with the twitter card was approved by validation system and is a very simple one with just and image and a player itself (the audio player js library is loaded via iframe, as mentioned above)
P.S. in confirmation of my theory that the issue is with the second inception-like iframe is that on a page when we have a player load error (https://www.spokenedition.com/iframe/AWB0QrYkuXhGZDLBmKfM) the player page loads perfectly fine
P.P.S interesting thing - everything’s working now and I did nothing for it to change. It’d be great if anyone could shed some light on X-Frame-Options issue that I described - why it happens/happened and why it’s not present now =)
