部分的な機能停止share-external
Page iframe embed not showing on mobile
10

https://shottr.cc/s/1vv5/SCR-20240928-wnk.

Page iframe embed not showing on mobile

Tuấn Khiêm Hạ
質問日時: 約2ヶ月前
選択された回答
1

Sill not fixed

10月12日 9:13
Tuấn Khiêm Hạ
1

Same problem

10月16日 1:46
Michał
1

same probleme here

10月21日 9:20
Boris
1

Facebook doesnt care about this anymore.

10月21日 16:35
Samuel
1

Same problem here that just started occurring! Please fix ASAP

10月26日 16:37
Kane
1

Same here!

10月30日 6:28
Matthias
1

Please fixxxxxxx

11月1日 10:01
Tuấn Khiêm Hạ
1

Same problem here!

11月5日 2:14
Marc
2

Something strange is happening. It's only working if you request the desktop version, and you have to do that through the iPhone Safari settings.

We're receiving a lot of complaints from merchants using our website builder that iframes have stopped showing on Safari. Can we please get this resolved?

10月3日 12:30
Vlad
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

10月3日 12:31
2

I discovered that if in mobile mode, the domain facebook.com will change to m.facebook.com and there will be problems here.

https://facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId https://m.facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

10月17日 0:04
Hải
Tuấn Khiêm Hạ

Do you know how to fix it?

10月20日 7:53
Hải

Explanation

The error "Refused to display 'https://m.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'" means that the Facebook mobile site (m.facebook.com) has security headers configured to prevent itself from being embedded within an iframe on other websites.

Here's a breakdown:

X-Frame-Options: This is an HTTP response header that controls whether a browser should be allowed to render a page in an

<

iframe>. It's a security measure to prevent clickjacking attacks. Clickjacking is when a malicious website overlays a transparent iframe containing another site (like Facebook's login page), tricking the user into interacting with the hidden iframe while thinking they are interacting with the malicious site. 'deny': This specific value of the X-Frame-Options header tells the browser to never display the page in an iframe, regardless of the site trying to embed it. The Problem: You're trying to embed the Facebook mobile site within an iframe on your own website. Facebook's security settings are preventing this. Solutions (none are guaranteed to work, as Facebook could change its policy):

Don't use an iframe for Facebook: This is the most reliable solution. Instead of embedding the entire page, consider using Facebook's official SDKs or APIs to display relevant content (like a Like button, comments section, or a share button). These are designed to work within other websites and are approved by Facebook. This is the recommended approach. Use a different Facebook endpoint (unlikely to work): There might be a different Facebook endpoint or a specific version of their site that doesn't have this restriction. However, this is highly unlikely and not a reliable solution. Facebook actively controls these headers to maintain security. Relying on this is not recommended. Contact Facebook (very unlikely to work): You could contact Facebook and ask them to allow your site to embed their mobile page, but they are very unlikely to make an exception for individual websites. Their security policy is in place for a reason. In summary: The best practice is to avoid embedding m.facebook.com (or any other site that restricts framing) in an iframe and use official Facebook tools to integrate their features. Trying to bypass the X-Frame-Options header is generally a bad idea, as it indicates a potential security vulnerability.

10月21日 20:23
2

Same here, it's all blocked on mobile due to the iframe header block. Please fixxxx!

10月26日 18:27
Maria
3

I'm having the same issue. I don't use Iframe, but the plug in isn't showing on all mobile browsers. If I change the browser settings to "show desktop site" it works fine. You can't see how it looks on mobile when you use a mobile browser to generate the code on the plug in page, but it shows a preview on desktop.

10月1日 2:15
Simon
Simon

I've reported it through the Facebook "what's not working" route. Suggest others could do that too.

10月1日 3:16
Doug

Having the same problem using Iframe code.

As in the post above 'If I change the browser settings to "show desktop site" it works fine.'

This is ugly.

10月1日 11:43
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

10月3日 12:31
4

Here same problem :(

9月28日 14:15
Ronnie
4

Here same problem!

9月30日 0:36
Ronnie
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

10月3日 12:31
4

this is fb bug?

9月30日 8:33
Tuấn Khiêm Hạ
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

10月3日 12:31