javascript Google Chrome 拒绝显示 GoogleMaps Frame,因为 X-Frame-Options 设置为拒绝
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20702957/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Google Chrome refused to display GoogleMaps Frame because X-Frame-Options is set to deny
提问by Donnie Rock
I'm working on a website for a shop and I'm using the GooleMaps Engine Lite to show his location. It works on IE9 and 10, Safari for Windows, iOS and MacOs and Mozilla Firefox, but it's not working on Chrome. If I use the Javascript Console I can see the following error:
我正在一个商店的网站上工作,我正在使用 GooleMaps Engine Lite 来显示他的位置。它适用于 IE9 和 10、Safari for Windows、iOS 和 MacOs 以及 Mozilla Firefox,但不适用于 Chrome。如果我使用 Javascript 控制台,我会看到以下错误:
Refused to display 'https://accounts.google.com/ServiceLogin?service=mapsengine&passive=1209600…up=https://mapsengine.google.com/map/embed?mid%3DzehbkDaSW5QM.kyKZHGifzxMc' in a frame because it set 'X-Frame-Options' to 'DENY'.
Could anybody help me?
有人可以帮我吗?
采纳答案by Donnie Rock
First time I had the problem it disappeared when I rebooted my computer, but today the problem appeared again. I've read on Google forums that the conflict comes when you are semi-logged with your Google account. If I log out completely my account or log in the map re-starts to work. In Safari you will find the same issue.
我第一次遇到问题时,重新启动计算机时它消失了,但今天问题又出现了。我在 Google 论坛上读到,当您使用 Google 帐户进行半登录时会发生冲突。如果我完全注销我的帐户或登录地图重新开始工作。在 Safari 中,您会发现同样的问题。
A temporary solution is sandbox the map iframe to forbid it to access the cookies.
一个临时的解决方案是将地图 iframe 沙箱化以禁止它访问 cookie。
回答by pzkpfw
https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a
<frame>or<iframe>. Sites can use this to avoid clickHymaning attacks, by ensuring that their content is not embedded into other sites.
X-Frame-Options HTTP 响应标头可用于指示是否应允许浏览器以
<frame>或格式呈现页面<iframe>。网站可以使用它来避免点击劫持攻击,确保他们的内容没有嵌入到其他网站中。
The counter-question I have to you is why are you implementing that URL in an iframe, when it specifically tells the browser it does not want to be loaded in an iframe?
我要问你的反问题是为什么你要在 iframe 中实现那个 URL,当它明确告诉浏览器它不想在 iframe 中加载时?
Did you follow the instructions at https://support.google.com/mapsenginelite/answer/3024935?hl=enwhen embedding the map?
嵌入地图时,您是否按照https://support.google.com/mapsenginelite/answer/3024935?hl=en 上的说明进行操作?
- Make sure you have your desired map open and that it is set to be accessible by the Public.
- Click the folder button.
- Select Embed on my site.
- In the box that appears, copy the HTML under 'Embed on the web,' and paste it into the source code of your website or blog.
- 确保您打开了所需的地图,并将其设置为可供公众访问。
- 单击文件夹按钮。
- 选择嵌入我的网站。
- 在出现的框中,复制“嵌入网络”下的 HTML,然后将其粘贴到您的网站或博客的源代码中。
回答by janfoeh
You're linking to the Google Account login page for the maps generator, not to a map. The link is probably not what you want.
您正在链接到地图生成器的 Google 帐户登录页面,而不是地图。该链接可能不是您想要的。
To make an embeddable map from Google Maps Engine,
要从 Google Maps Engine 制作可嵌入的地图,
- click on the green "Share" button on the top right and set you map to public
- click on the folder icon on the top left (next to "Add layer") and choose "Embed on my site"
- 单击右上角的绿色“共享”按钮并将您的地图设置为公开
- 单击左上角的文件夹图标(“添加图层”旁边),然后选择“嵌入我的网站”
回答by avrahamm
1) in the left bottom corner click on 6 teeth wheel , 'Share and integration of map' 2) In opened dialog press on 'integrate map' 3) you got iframe line with correct src .
1) 在左下角单击 6 个齿轮,“共享和集成地图” 2) 在打开的对话框中按“集成地图” 3) 你得到了带有正确 src 的 iframe 线。
