Form iframe embed not displaying seemingly due to x-frame-options = SAMEORIGIN

Nathan_Craig1
4 - Data Explorer
  1. I am seeking to embed an Airtable form into a webpage. On the embed view, if I turn on autosize height, there is a JavaScript snippet. When this switch is turned off, the embed is just a simple iframe.

  2. On the webpage where I’m attempting to embed the Airtable form, I can embed other pages using iframe. Therefore, I know iframe will properly display content.

  3. The embed code supplied by Airtable shows nothing. The page is blank.

  4. When I use an iframe checker it reports: "Header X-Frame-Options found. The header is set to SAMEORIGIN. You are on a different domain and therefore this page can NOT be included." If I understand X-Frame properly, this indicates that an iframe embed can only be made from the Airtable domain. The full header reported is as follows:

HTTP/1.1 200 OK
cache-control: no-store, no-cache, must-revalidate
Cache-control: no-cache="set-cookie"
Content-Length: 25963
Content-Type: text/html; charset=utf-8
Date: Sat, 26 Sep 2020 18:16:23 GMT
ETag: W/"656b-ovIs+MpQkjuLC/LYHXdHBhR4Mng"
expires: Sat Sep 26 2020 18:16:23 GMT+0000 (Coordinated Universal Time)
Referrer-Policy: same-origin
Server: Tengine
Set-Cookie: brw=brwqQ4ESHxn9zmze1; path=/; expires=Sun, 26 Sep 2021 18:16:23 GMT; domain=.airtable.com; samesite=none; secure; httponly
Set-Cookie: __Host-airtable-session=eyJzZXNzaW9uSWQiOiJzZXNvSWEyVFQyanR6eVR6TiIsImNzcmZTZWNyZXQiOiJsTkdwajhjNldHa1Y1UmtGVkJLcWducnIifQ==; path=/; expires=Sun, 26 Sep 2021 18:16:23 GMT; samesite=none; secure; httponly
Set-Cookie: __Host-airtable-session.sig=Ur7fWF9qbaT6HtI_5ink_QvuzVdJ30ObNDcadFC3krk; path=/; expires=Sun, 26 Sep 2021 18:16:23 GMT; samesite=none; secure; httponly
Set-Cookie: AWSELB=F5E9CFCB0C87D62DB5D03914FDC2A2D2D45FBECE920772BD99A4627C52C73ED7F0469123D30BC1262B9940A7DF1D234855648842F307C869CCADBA86810CE186F5BC49125C;PATH=/
Set-Cookie: AWSELBCORS=F5E9CFCB0C87D62DB5D03914FDC2A2D2D45FBECE920772BD99A4627C52C73ED7F0469123D30BC1262B9940A7DF1D234855648842F307C869CCADBA86810CE186F5BC49125C;PATH=/;SECURE;SAMESITE=None
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Connection: keep-alive 

Note both Referrer-Policy: same-origin and X-Frame-Options: SAMEORIGIN. I’m assuming the latter is the issue.

How are people embedding pages if the X-Frame-Options are set to SAMEORIGIN? Any guidance would be much appreciated.

1 Reply 1
md
4 - Data Explorer

Using the /embed URL, e.g.

<iframe src="https://airtable.com/embed/shrvalXXXXXXXXXXX"></iframe>
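
An added example, not part of the thread and not Airtable's code: a Node.js checker that applies the rule the iframe checker in the question reported, deciding from a response's headers whether a page on another origin may frame it. It goes a little beyond the thread by also evaluating the CSP `frame-ancestors` directive, which browsers enforce instead of `X-Frame-Options` when both are sent. The function names, `https://example.org` and the CSP sample are assumptions made for illustration, and only one embedding page is modelled rather than a full ancestor chain.

```javascript
function parseHeaders(raw) {
  const h = new Map(); // lower-cased header name -> array of values
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i <= 0) continue; // status line or blank line
    const name = line.slice(0, i).trim().toLowerCase();
    h.set(name, [...(h.get(name) || []), line.slice(i + 1).trim()]);
  }
  return h;
}
// Does one frame-ancestors source expression cover the embedding page?
function matchesSource(src, embedder, framed) {
  if (src === "*") return true;
  if (src.toLowerCase() === "'self'") return embedder.origin === framed.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return embedder.protocol === src.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?/i.exec(src);
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  const defPort = embedder.protocol === "https:" ? "443" : "80";
  if (scheme && scheme.toLowerCase() + ":" !== embedder.protocol) return false;
  if (port !== "*" && (port || defPort) !== (embedder.port || defPort)) return false;
  const name = host.toLowerCase(); // "'none'" never equals a hostname, so it blocks
  return wild ? embedder.hostname.endsWith("." + name) : embedder.hostname === name;
}
function framingDecision(rawHeaders, framedUrl, embedderUrl) {
  const h = parseHeaders(rawHeaders);
  const framed = new URL(framedUrl), embedder = new URL(embedderUrl);
  // CSP frame-ancestors wins: when present, browsers ignore X-Frame-Options.
  let sawDirective = false;
  for (const policy of (h.get("content-security-policy") || []).join(",").split(",")) {
    const dir = policy.split(";").map(d => d.trim().split(/\s+/))
      .find(d => d[0].toLowerCase() === "frame-ancestors");
    if (!dir) continue;
    sawDirective = true;
    if (!dir.slice(1).some(s => matchesSource(s, embedder, framed)))
      return { allowed: false, reason: "Content-Security-Policy: frame-ancestors" };
  }
  if (sawDirective) return { allowed: true, reason: "Content-Security-Policy: frame-ancestors" };
  const xfo = (h.get("x-frame-options") || []).join(",").toUpperCase().split(",").map(v => v.trim());
  if (xfo.includes("DENY")) return { allowed: false, reason: "X-Frame-Options: DENY" };
  if (xfo.includes("SAMEORIGIN") && embedder.origin !== framed.origin)
    return { allowed: false, reason: "X-Frame-Options: SAMEORIGIN" };
  return { allowed: true, reason: "no framing restriction applies" };
}
// First sample: framing-relevant lines from the question's dump. Second: constructed.
const QUESTION_HEADERS = "HTTP/1.1 200 OK\nContent-Type: text/html; charset=utf-8\nX-Frame-Options: SAMEORIGIN\n";
const CSP_SAMPLE = "HTTP/1.1 200 OK\nX-Frame-Options: SAMEORIGIN\nContent-Security-Policy: frame-ancestors 'self' https://*.example.org\n";
console.log(framingDecision(QUESTION_HEADERS, "https://airtable.com/", "https://example.org/contact"));
```

Feed it the headers of the exact URL used in the iframe's `src`, since different paths on the same site can send different framing headers.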