Skip to main content




  1. I am seeking to embed an airtable form into a webpage. On the embed view, if I turn on autosize height, there is a javascript. When this switch is turned off, the embed is just a simple iframe.







  2. On the page webpage where I’m attempting to embed the airtable form, I can embed other pages using iframe. Therefore, I know iframe will properly display content.







  3. The embed code supplied by airtable shows nothing. The page is blank.







  4. When I use an iframe checker it reports: Header X-Frame-Options found. The header is set to SAMEORIGIN. You are on a different domain and therefore this page can NOT be included.. If I understand X-Frame properly, this indicates that an iframe embed can only be made from the airtable domain. The full header reported is as follows:







HTTP/1.1 200 OK


cache-control: no-store, no-cache, must-revalidate


Cache-control: no-cache="set-cookie"


Content-Length: 25963


Content-Type: text/html; charset=utf-8


Date: Sat, 26 Sep 2020 18:16:23 GMT


ETag: W/"656b-ovIs+MpQkjuLC/LYHXdHBhR4Mng"


expires: Sat Sep 26 2020 18:16:23 GMT+0000 (Coordinated Universal Time)


Referrer-Policy: same-origin


Server: Tengine


Set-Cookie: brw=brwqQ4ESHxn9zmze1; path=/; expires=Sun, 26 Sep 2021 18:16:23 GMT; domain=.airtable.com; samesite=none; secure; httponly


Set-Cookie: __Host-airtable-session=eyJzZXNzaW9uSWQiOiJzZXNvSWEyVFQyanR6eVR6TiIsImNzcmZTZWNyZXQiOiJsTkdwajhjNldHa1Y1UmtGVkJLcWducnIifQ==; path=/; expires=Sun, 26 Sep 2021 18:16:23 GMT; samesite=none; secure; httponly


Set-Cookie: __Host-airtable-session.sig=Ur7fWF9qbaT6HtI_5ink_QvuzVdJ30ObNDcadFC3krk; path=/; expires=Sun, 26 Sep 2021 18:16:23 GMT; samesite=none; secure; httponly


Set-Cookie: AWSELB=F5E9CFCB0C87D62DB5D03914FDC2A2D2D45FBECE920772BD99A4627C52C73ED7F0469123D30BC1262B9940A7DF1D234855648842F307C869CCADBA86810CE186F5BC49125C;PATH=/


Set-Cookie: AWSELBCORS=F5E9CFCB0C87D62DB5D03914FDC2A2D2D45FBECE920772BD99A4627C52C73ED7F0469123D30BC1262B9940A7DF1D234855648842F307C869CCADBA86810CE186F5BC49125C;PATH=/;SECURE;SAMESITE=None


Strict-Transport-Security: max-age=31536000; includeSubDomains; preload


Vary: Accept-Encoding


X-Content-Type-Options: nosniff


X-Frame-Options: SAMEORIGIN


X-XSS-Protection: 1; mode=block


Connection: keep-alive


Note both Referrer-Policy: same-origin and X-Frame-Options: SAMEORIGIN. I’m assuming the latter is the issue.



How are people embedding pages if the X-Frame-Options are set to SAMEORIGIN? Any guidance would be much appreciated.

Using the /embed URL, e.g.

<iframe src="https://airtable.com/embed/shrvalXXXXXXXXXXX"></iframe>

 

Reply


Terms & Conditions