I am trying to embed a youtube URL into a frame in a Django template. Each time I receive the same message in the console:
Refused to display 'https://www.youtube.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
I have tried inserting two decorators before the view:
@frame_deny_exempt
@xframe_options_exempt
No effect. In a final test I inserted this statement into settings.py just to see if it would turn off the xframe check:
X_FRAME_OPTIONS = 'ALLOWALL'
The same error appears.
I also tried removing the XFrameOptions middleware, no change.
This is in a local testing environment so I am using the Django web server, my production server (which I have not tried moving this to for obvious reasons) is an Azure instance running NGINX
CodePudding user response:
Are you using an embeddable URL?
https://support.google.com/youtube/answer/171780
It is YouTube that is providing the X-Frame-Options
header that the browser is complaining about, which implies you are trying to embed the normal URL to the video.