I am developing a website that is supposed to be responsive so that people can access it from their phones. The site has got some secured parts that can be logged into using Google, Facebook, ...etc (OAuth).
The server backend is developed using ASP.Net Web API 2 and the front end is mainly AngularJS with some Razor.
For the authentication part, everything is working fine in all browsers including Android but the Google authentication is not working on iPhone and it gives me this error message
Refused to display 'https://accounts.google.com/o/openid2/auth ?openid.ns=http://specs.openid.ne…tp://axschema.org/namePerson /last&openid.ax.required=email,name,first,last' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
Now as far I am concerned I do not use any iframe in my HTML files.
I googled around, but no answer got me to fix the issue.
I found a better solution, maybe it can help somebody replace "watch?v="
by "v/"
and it will work
var url = url.replace("watch?v=", "v/");
They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. So this iframe is not able to display cross domain
For this purpose you need to match the location in your apache or any other service you are using
If you are using apache then in httpd.conf file.
<LocationMatch "/your_relative_path"> ProxyPass absolute_path_of_your_application/your_relative_path ProxyPassReverse absolute_path_of_your_application/your_relative_path </LocationMatch>
app.filter('scrurl', function($sce) { return function(text) { text = text.replace("watch?v=", "embed/"); return $sce.trustAsResourceUrl(text); }; });
<iframe class="ytplayer" type="text/html" width="100%" height="360" src="{{youtube_url | scrurl}}" frameborder="0"></iframe>