html - iframe refuses to display

Question

I am trying to load a simple iframe into one of my web pages but it is not displaying. I am getting this error in Chrome:

Refused to display 'https://cw.na1.hgncloud.com/crossmatch/index.do' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://cw.na1.hgncloud.com".


Invalid 'X-Frame-Options' header encountered when loading 'https://cw.na1.hgncloud.com/crossmatch/index.do': 'ALLOW-FROM https://cw.na1.hgncloud.com' is not a recognized directive. The header will be ignored.

This is the code for my iframe:

<p><iframe src="https://cw.na1.hgncloud.com/crossmatch/" width="680" height="500" frameborder="0"></iframe></p>

I am not really sure what that means. I have loaded plenty iframes before and never received such errors.

Any ideas?

Answer 1

It means that the http server at cw.na1.hgncloud.com send some http headers to tell web browsers like Chrome to allow iframe loading of that page (https://cw.na1.hgncloud.com/crossmatch/) only from a page hosted on the same domain (cw.na1.hgncloud.com) :

Content-Security-Policy: frame-ancestors 'self' https://cw.na1.hgncloud.com
X-Frame-Options: ALLOW-FROM https://cw.na1.hgncloud.com

You should read that :

• https://developer.mozilla.org/en-US/docs/Web/Security/CSP
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy