[Resolved] Removed X-Frame-Options But Embed Still Won't Work


In my project animated-pixel-gradients, I use helmet to add some security-related headers to the page response. One of these was X-Frame-Options: sameorigin which I discovered today was preventing the nifty embedding on glitch.com from working.

Refused to display 'https://animated-pixel-gradients.glitch.me/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

So I edited my app’s code and removed the X-Frame-Options directive and confirmed that it’s gone by looking in the Network panel in the DevTools. But the embed frame still won’t show the project for the same reason!

This is happening on Chrome OS 67 and I’ve cleared site data and cache to no avail. It does work on my iPhone in Mobile Safari however.


Do you mean the embed at https://glitch.com/~animated-pixel-gradients isn’t working or are you trying to embed it elsewhere? The embed is displaying ok for me in Chrome on Glitch.


Yes, that embed. It seems to work on my other browsers (and in incognito mode), but something is sticking in this Chrome instance that’s making it behave inconsistently :woman_shrugging:

EDIT: Apparently clearing site data from the Application tab of DevTools doesn’t do what I think it does. I did an “Empty Cache and Hard Reload” and that seems to have addressed the issue.