Streaming live at 10am (PST)

Webflow site does not display in iframe


#1

I'm trying to display my site built with Webflow in an iframe, but it just doesn't load. Someone suggested this can be related to x-frame settings. Can I edit those for my site?


#2

Hi @artooras

Can you please update your post with some more information so we can help you faster? Things like screenshots and your environment info really speed things up.

Posting guidelines can be found here: http://forum.webflow.com/t/posting-guidelines-for-the-need-help-category/8094

Thanks in advance! :slightly_smiling:


#3

Hi. This is the page I am trying to display in an iframe http://frontlog.webflow.io/backlog-setup (it's temporary, I will later move it onto a custom domain).

Other than that, I'm trying to display it in a simple iframe:

<iframe src="http://frontlog.webflow.io/backlog-setup"></iframe>

Is there any more information I can provide?


#5

You cannot iframe a Webflow site into another site. If you want to add a custom domain name to your Webflow site, please follow this guide: http://help.webflow.com/faq/how-do-i-set-up-custom-domain-hosting-with-my-webflow-site


#6

Your error message was this:

Refused to display 'http://frontlog.webflow.io/backlog-setup' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com".

Short Answer:

Webflow sites cannot be used in an iframe. This is to prevent free-usage abuse of the free yoursite.webflow.io sub-domain, and Webflow has set the server policy as such to stop you from doing so. To do what you are trying to do, you need to export the site and host it elsewhere that allows content to be displayed in an iframe.

Long Answer:

The reason for the error is that the host server for http://webflow.io has provided some HTTP headers to protect the pages/sites hosted by it. One of which is that the frame ancestors must be from the same domain as the original content. It seems you are attempting to put the iframe at a domain location that is not the same as the content of the iframe - thus violating the Content Security Policy that the host has set.

Content-Security-Policy: frame-ancestors 'self' https://webflow.io
X-Frame-Options: ALLOW-FROM https://webflow.com
X-Frame-Options: ALLOW-FROM http://webflow.com
X-Frame-Options: ALLOW-FROM https://webflow.io
X-Frame-Options: ALLOW-FROM http://webflow.io

Check out this link on Content Security Policy for more details.


#7

This topic was automatically closed after 60 days. New replies are no longer allowed.