https://shottr.cc/s/1vv5/SCR-20240928-wnk.
Page iframe embed not showing on mobile
Sill not fixed
Same problem
same probleme here
Facebook doesnt care about this anymore.
Same problem here that just started occurring! Please fix ASAP
Same here!
Please fixxxxxxx
Same problem here!
Something strange is happening. It's only working if you request the desktop version, and you have to do that through the iPhone Safari settings.
We're receiving a lot of complaints from merchants using our website builder that iframes have stopped showing on Safari. Can we please get this resolved?
It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.
I discovered that if in mobile mode, the domain facebook.com will change to m.facebook.com and there will be problems here.
https://facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId https://m.facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId
Do you know how to fix it?
Explanation
The error "Refused to display 'https://m.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'" means that the Facebook mobile site (m.facebook.com) has security headers configured to prevent itself from being embedded within an iframe on other websites.
Here's a breakdown:
X-Frame-Options: This is an HTTP response header that controls whether a browser should be allowed to render a page in an
<
iframe>. It's a security measure to prevent clickjacking attacks. Clickjacking is when a malicious website overlays a transparent iframe containing another site (like Facebook's login page), tricking the user into interacting with the hidden iframe while thinking they are interacting with the malicious site. 'deny': This specific value of the X-Frame-Options header tells the browser to never display the page in an iframe, regardless of the site trying to embed it. The Problem: You're trying to embed the Facebook mobile site within an iframe on your own website. Facebook's security settings are preventing this. Solutions (none are guaranteed to work, as Facebook could change its policy):
Don't use an iframe for Facebook: This is the most reliable solution. Instead of embedding the entire page, consider using Facebook's official SDKs or APIs to display relevant content (like a Like button, comments section, or a share button). These are designed to work within other websites and are approved by Facebook. This is the recommended approach. Use a different Facebook endpoint (unlikely to work): There might be a different Facebook endpoint or a specific version of their site that doesn't have this restriction. However, this is highly unlikely and not a reliable solution. Facebook actively controls these headers to maintain security. Relying on this is not recommended. Contact Facebook (very unlikely to work): You could contact Facebook and ask them to allow your site to embed their mobile page, but they are very unlikely to make an exception for individual websites. Their security policy is in place for a reason. In summary: The best practice is to avoid embedding m.facebook.com (or any other site that restricts framing) in an iframe and use official Facebook tools to integrate their features. Trying to bypass the X-Frame-Options header is generally a bad idea, as it indicates a potential security vulnerability.
Same here, it's all blocked on mobile due to the iframe header block. Please fixxxx!
I'm having the same issue. I don't use Iframe, but the plug in isn't showing on all mobile browsers. If I change the browser settings to "show desktop site" it works fine. You can't see how it looks on mobile when you use a mobile browser to generate the code on the plug in page, but it shows a preview on desktop.
I've reported it through the Facebook "what's not working" route. Suggest others could do that too.
Having the same problem using Iframe code.
As in the post above 'If I change the browser settings to "show desktop site" it works fine.'
This is ugly.
It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.
Here same problem :(
Here same problem!
It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.
this is fb bug?
It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.