Refused to display iframe or embed tag in django 3.0 and chrome

Issue

I had a django app that used an iframe to display a pdf stored in my local machine, something like this:

<embed src="path_to_file.pdf" type="application/pdf">

Everything worked just fine in all supported browsers… Until today.

The app suddenly stopped working on Chrome and the console displays the message Refused to display ‘path_to_file.pdf’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.

In other browsers it’s still working as usual. I don’t know if Chrome just made an update or what changed but it is not working anymore. ¬°Any help would be appreciated!

Solution

After going through a lot of similar questions and trying lots of different things, I finally found a solution for my problem thanks to the django documentation.

Since Django 3.0. The default value of the X_FRAME_OPTIONS setting was changed from SAMEORIGIN to DENY.

So I just had to add X_FRAME_OPTIONS = 'SAMEORIGIN' to settings.py and the problem was gone.

I still don’t know what change made my code stop working because I already used django 3.0 version since it was released, probably it was a Chrome update.

Answered By – Manuel Montoya

This Answer collected from stackoverflow, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply

(*) Required, Your email will not be published