Http headers 空白画布=>';拒绝显示文档,因为X-Frame-Options禁止显示;
当画布应用程序加载到iframe中时,没有显示任何内容,并且在Chrome Firebug控制台上,我看到错误: 拒绝显示文档,因为X-Frame-Options禁止显示 我尝试了这个解决方案:Http headers 空白画布=>';拒绝显示文档,因为X-Frame-Options禁止显示;,http-headers,facebook-iframe,facebook-canvas,Http Headers,Facebook Iframe,Facebook Canvas,当画布应用程序加载到iframe中时,没有显示任何内容,并且在Chrome Firebug控制台上,我看到错误: 拒绝显示文档,因为X-Frame-Options禁止显示 我尝试了这个解决方案: 如果其他人有此问题,我只需将此添加到我的链接中即可解决此问题: :target=>“\u top” 这使得它将auth加载到顶部窗口中 从这里开始: 您能将竞争标题发送到浏览器(也就是被浏览器看到)吗?当然可以。感谢@dmcst这似乎是Facebook的标题。iframe内容的标题如何?我在服务器的响
如果其他人有此问题,我只需将此添加到我的链接中即可解决此问题:
:target=>“\u top”您能将竞争标题发送到浏览器(也就是被浏览器看到)吗?当然可以。感谢@dmcst这似乎是Facebook的标题。iframe内容的标题如何?我在服务器的响应中没有看到X-Frame-Options标题。请确保您的主机提供商没有将其剥离,并且您的代码中没有可能删除该标头的错误。我遇到了相同的问题,类似于此的解决方案解决了我的问题。正如(模糊的)facebook文档中所述,您应该将用户重定向到顶部框架中的登录url,而不是iframe中的登录url。我通过发送一个只有:
top.location.href=“THE\u LOGIN\u URL” class ApplicationController < ActionController::Base
protect_from_forgery
before_filter :set_xframeoption
def set_xframeoption
response.headers["X-Frame-Options"]='GOFORIT'
end
end
- FB Resquest Header -
GET /dropis_app/ HTTP/1.1
Host: apps.facebook.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: [lot of stuff]
- FB Response Header -
HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
X-FB-Debug: JGyR/rXLGOKtchBAPFmyYiPZrd5npWbORZgq4sirM1Q=
X-Cnection: close
Transfer-Encoding: chunked
Date: Wed, 01 Feb 2012 17:58:00 GMT
- iFrame Request Header -
Request URL:https://foobar.herokuapp.com/
Request Method:POST
Status Code:302 Found
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:433
Content-Type:application/x-www-form-urlencoded
Host:dropis.herokuapp.com
Origin:https://apps.facebook.com
Referer:https://apps.facebook.com/foobar/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Form Dataview URL encoded
- iFrame Form Data -
signed_request: [removed]
- iFrame Response Header -
Response Headersview source
Cache-Control:no-cache
Connection:keep-alive
Content-Length:195
Content-Type:text/html; charset=utf-8
Date:Thu, 02 Feb 2012 16:35:27 GMT
Location:https://graph.facebook.com/oauth/authorize?client_id=[removed]&redirect_uri=https://foobar.herokuapp.com/users/callback
Server:WEBrick/1.3.1 (Ruby/1.9.2/2011-07-09)
Set-Cookie:_dropis_static_session=[removed]; path=/; HttpOnly
X-Rack-Cache:invalidate, pass
X-Runtime:0.001540
X-Ua-Compatible:IE=Edge,chrome=1