Solved

Embedding issue - Refused to display 'https://mycompany.na.gooddata.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

  • 28 June 2020

I have tried to embed GoodData into an iframe; however, the site does not show and I can see some errors in the browser console: Refused to display 'https://mycompany.na.gooddata.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Best answer by Martin Burian 28 June 2020, 20:03

When embedding pixel-perfect dashboards, KPI dashboards, or Analytical Designer, you need to construct the URL for an embedded object. Unfortunately, it is not possible to embed the full GoodData Portal and that is why you see the error. There are dedicated resources for embedding. Please check this article for more hints: https://help.gooddata.com/doc/en/building-on-gooddata-platform/gooddata-integration-into-your-application/embed-gooddata-elements-into-your-applications/embedding-code-formats

2 replies

X-Frame-Options is a header included in the response to the request to state if the domain requested will allow itself to be displayed within a frame. It has nothing to do with JavaScript or HTML, and cannot be changed by the originator of the request. You can't set X-Frame-Options on the iframe. That is a response header set by the domain from which you are requesting the resource. They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. So you cannot embed their website into yours. When browsers see that the response header contains X-Frame-Options: SAMEORIGIN, they check your domain and block the rendering of the <iframe>. It is a security measure to avoid clickjacking.

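The browser-side check described in the reply above, written out as an added example (not part of the original thread and not GoodData code). It goes one step beyond the thread by also modelling the CSP `frame-ancestors` directive, which browsers enforce instead of X-Frame-Options when both are sent. Assumptions: `https://app.example.com` is a constructed embedding site, only a single parent frame is considered, and only `'none'`, `'self'` and exact-origin sources are matched.

```javascript
// Added example: models the framing decision a browser makes for one parent frame.
// The headers and the embedder URL used here are constructed for illustration.
function parseFrameAncestors(csp) {
  // Returns the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function framingDecision(headers, framedUrl, embedderUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const framed = new URL(framedUrl).origin;     // site that sent the headers
  const embedder = new URL(embedderUrl).origin; // page containing the <iframe>

  // CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
  const sources = parseFrameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    const ok = sources.some((s) => {
      if (s.toLowerCase() === "'none'") return false;
      if (s.toLowerCase() === "'self'") return embedder === framed;
      // Wildcard and scheme-only sources are not modelled; they never match here.
      try { return new URL(s).origin === embedder; } catch { return false; }
    });
    return { allowed: ok, by: "frame-ancestors" };
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, by: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: embedder === framed, by: "x-frame-options" };
  return { allowed: true, by: "no policy" }; // header absent or unrecognised
}

// The situation from the question: the portal framed by a different origin.
const portal = "https://mycompany.na.gooddata.com/";
console.log(framingDecision({ "X-Frame-Options": "sameorigin" }, portal,
  "https://app.example.com/reports"));
```

Nothing in the embedding page's markup or script is an input to this decision; only the framed site's response headers and the two origins are.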