In my project animated-pixel-gradients, I use helmet to add some security-related headers to the page response. One of these was X-Frame-Options: sameorigin
which I discovered today was preventing the nifty embedding on glitch.com from working.
Refused to display 'https://animated-pixel-gradients.glitch.me/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
So I edited my app’s code and removed the X-Frame-Options
directive and confirmed that it’s gone by looking in the Network panel in the DevTools. But the embed frame still won’t show the project for the same reason!
This is happening on Chrome OS 67 and I’ve cleared site data and cache to no avail. It does work on my iPhone in Mobile Safari however.