Refused to display 'google oauth2' in a frame because it set 'X-Frame-Options' to 'DENY'
I have a simple public site A that gets data from site B with is private (user can access it using google account -> 'https://accounts.google.com/o/oauth2/). This is for testing purposes.
I can access the data on site A while in browser with my google account, respectively cannot in incognito view. It was great but I need to test on real device mobile and it's a problem. Even though I am in my google account I get error Refused to display 'https://accounts.google.com/o/oauth2/v2/..' in a frame because it set 'X-Frame-Options' to 'DENY'.
I read several articles and added these to my code
<?php header("Access-Control-Allow-Origin:*"); ?>
<?php header("X-Frame-Options: SAMEORIGIN"); ?> (or ALLOW-FROM etc)
But it did not help. My question is, is there a way to fix this?
Maybe it helps someone else.
So the problem was in the mobile browser (Safari) which does not share cookies between pages.
I solved it just disabling Prevent Cross-Site Tracking on my iPhone and it allowed me to authorised on one page and get that cookies on another page. As it works on PC browsers version.
- How to change the app name for Firebase authentication (what the user sees)
- Generate token fails for Azure app which is both client and API (client credentials workflow)
- Is it okay to encrypt a 3rd party access token and refresh token, in an encrypted JWT?
- Is a Client Secret Required for Google OAuth 2.0 using the PKCE Authorization Flow? Should I Expose the Client Secret Publicly?
- What is the purpose of a "Refresh Token"?
- Pagination with oauth azure data factory
- How to use supabase google auth provider in react naive expo app
- How to bypass keycloak login page and provide client suggested idp with spring security
- Issue with Discord OAuth2 redirect_uri component
- npm install error - invalid package.json
- Can I get the company name/logo with the LinkedIn API?
- PayPal REST API credentials of another business or party
- Configuring spring-boot-starter-oauth2-client to authenticate with Azure AD
- Problems logging into coinbase api with oauth2
- Azure authentification for multiple audience using WithExtraScopesToConsent and AcquireTokenSilent
- Microsoft OAuth authorization code flow CORS
- How to authorize a request to the FCM v1 API with an access token
- Error creating bean with name 'corsConfigurationSource'
- MailKit OAuth2 SMTP Office365 Send Mail
- Which the correct way to implement an API request
- Issue with assessing data in blob storage using OAuth tokens from a dotnet app
- How do you access a patient's data via FHIR API?
- Unable to refresh access token : response is "unauthorized_client"
- How do I connect to Exchange Online using OAuth 2.0 in MailKit?
- Unable to get authentication code from redirect url when authenticating with OAuth2 from .NET desktop app
- OAuth2AuthenticationException: [invalid_client] when try sign in with Apple in Spring Boot application
- I get this error:- Error 400: redirect_uri_mismatch even after I registered the URI in Google Gmail API OAuth 2.0
- Keycloak and Spring Boot web app in dockerized environment
- OAuth2 Client Certificate Credentials and OIDC Issue
- Spring Boot: How to persist user details collected from OAuth Service Provider to my database