สัญญาณขาดหายบางส่วนshare-external
Page iframe embed not showing on mobile
10

https://shottr.cc/s/1vv5/SCR-20240928-wnk.

Page iframe embed not showing on mobile

Tuấn Khiêm Hạ
ถามแล้ว ประมาณ​ 2 เดือนที่แล้ว
คำตอบที่เลือก
1

Sill not fixed

12 ตุลาคม เวลา 09:13 น.
Tuấn Khiêm Hạ
1

Same problem

16 ตุลาคม เวลา 01:46 น.
Michał
1

same probleme here

21 ตุลาคม เวลา 09:20 น.
Boris
1

Facebook doesnt care about this anymore.

21 ตุลาคม เวลา 16:35 น.
Samuel
1

Same problem here that just started occurring! Please fix ASAP

26 ตุลาคม เวลา 16:37 น.
Kane
1

Same here!

30 ตุลาคม เวลา 06:28 น.
Matthias
1

Please fixxxxxxx

1 พฤศจิกายน เวลา 10:01 น.
Tuấn Khiêm Hạ
1

Same problem here!

5 พฤศจิกายน เวลา 02:14 น.
Marc
2

Something strange is happening. It's only working if you request the desktop version, and you have to do that through the iPhone Safari settings.

We're receiving a lot of complaints from merchants using our website builder that iframes have stopped showing on Safari. Can we please get this resolved?

3 ตุลาคม เวลา 12:30 น.
Vlad
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 ตุลาคม เวลา 12:31 น.
2

I discovered that if in mobile mode, the domain facebook.com will change to m.facebook.com and there will be problems here.

https://facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId https://m.facebook.com/plugins/page.php?href=<FANPAFE_URL>&tabs=timeline&width=340&height=65&small_header=false&adapt_container_width=true&hide_cover=false&show_facepile=true&appId

17 ตุลาคม เวลา 00:04 น.
Hải
Tuấn Khiêm Hạ

Do you know how to fix it?

20 ตุลาคม เวลา 07:53 น.
Hải

Explanation

The error "Refused to display 'https://m.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'" means that the Facebook mobile site (m.facebook.com) has security headers configured to prevent itself from being embedded within an iframe on other websites.

Here's a breakdown:

X-Frame-Options: This is an HTTP response header that controls whether a browser should be allowed to render a page in an

<

iframe>. It's a security measure to prevent clickjacking attacks. Clickjacking is when a malicious website overlays a transparent iframe containing another site (like Facebook's login page), tricking the user into interacting with the hidden iframe while thinking they are interacting with the malicious site. 'deny': This specific value of the X-Frame-Options header tells the browser to never display the page in an iframe, regardless of the site trying to embed it. The Problem: You're trying to embed the Facebook mobile site within an iframe on your own website. Facebook's security settings are preventing this. Solutions (none are guaranteed to work, as Facebook could change its policy):

Don't use an iframe for Facebook: This is the most reliable solution. Instead of embedding the entire page, consider using Facebook's official SDKs or APIs to display relevant content (like a Like button, comments section, or a share button). These are designed to work within other websites and are approved by Facebook. This is the recommended approach. Use a different Facebook endpoint (unlikely to work): There might be a different Facebook endpoint or a specific version of their site that doesn't have this restriction. However, this is highly unlikely and not a reliable solution. Facebook actively controls these headers to maintain security. Relying on this is not recommended. Contact Facebook (very unlikely to work): You could contact Facebook and ask them to allow your site to embed their mobile page, but they are very unlikely to make an exception for individual websites. Their security policy is in place for a reason. In summary: The best practice is to avoid embedding m.facebook.com (or any other site that restricts framing) in an iframe and use official Facebook tools to integrate their features. Trying to bypass the X-Frame-Options header is generally a bad idea, as it indicates a potential security vulnerability.

21 ตุลาคม เวลา 20:23 น.
2

Same here, it's all blocked on mobile due to the iframe header block. Please fixxxx!

26 ตุลาคม เวลา 18:27 น.
Maria
3

I'm having the same issue. I don't use Iframe, but the plug in isn't showing on all mobile browsers. If I change the browser settings to "show desktop site" it works fine. You can't see how it looks on mobile when you use a mobile browser to generate the code on the plug in page, but it shows a preview on desktop.

1 ตุลาคม เวลา 02:15 น.
Simon
Simon

I've reported it through the Facebook "what's not working" route. Suggest others could do that too.

1 ตุลาคม เวลา 03:16 น.
Doug

Having the same problem using Iframe code.

As in the post above 'If I change the browser settings to "show desktop site" it works fine.'

This is ugly.

1 ตุลาคม เวลา 11:43 น.
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 ตุลาคม เวลา 12:31 น.
4

Here same problem :(

28 กันยายน เวลา 14:15 น.
Ronnie
4

Here same problem!

30 กันยายน เวลา 00:36 น.
Ronnie
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 ตุลาคม เวลา 12:31 น.
4

this is fb bug?

30 กันยายน เวลา 08:33 น.
Tuấn Khiêm Hạ
Vlad

It seems the issue is related to the iframe policy being returned by the server. Specifically, they're setting the X-Frame-Options header to DENY, which prevents the iframe from being displayed in Safari.

3 ตุลาคม เวลา 12:31 น.