Issue
When I embed content from another website in a Hub Item, an error message is shown instead of the embedded content when I view the Item:
- "Blocked by Content Security Policy" (Firefox)
- "Blocked by X-Frame-Options Policy" (Firefox)
- "[website URL] refused to connect" (Chrome)
Conditions
- Occurs when embedding content from an external (non-Uberflip) website in an Item in your Hub using an iframe, for example by:
- Manually inserting
<iframe>
tags in the Item Editor's source code view - Using the iFramer app
- Using the My Items functionality in Sales Assist
- Manually inserting
- Where: In any Item where external content from a specific website has been embedded, specifically in the location where the embedded content should appear (i.e. in the iframe)
- Who: Anyone who views the Item is affected
- When: Occurs whenever the Item is viewed
- Any browser
- Any operating system
Cause
This issue typically occurs because the website you are trying to embed is configured so that it can't be displayed in an iframe, usually using a Content-Security-Policy
header with a frame-ancestors
directive, or an X-Frame-Options
header with a DENY
or SAMEORIGIN
directive (or both).
Steps to Fix
To fix this issue, you must be able to modify the configuration of the web server from which you want to embed content. This means that you can generally resolve the issue for websites that you control, but not for websites that are owned by third parties.
For instructions on how to resolve this issue with your own websites, see the article Configure your website to allow embedding into Uberflip content.