Web Content Block is the latest and greatest addition to the Flow storyboard items. This is mainly used to display web content from your website whether it is a website, 3d model, or even an augmented reality walkthrough.
What are X-Frame-Options?
X-Frame-Options is an HTTP response header. It is used to indicate whether a browser should allow a webpage to open in a Frame/iFrame, whether it can be embedded or represent as an external object (<frame>, <iframe>, <embed>, <object> tags). This helps to prevent crack-jacking attacks.
Why is this important?
Websites can use X-Frame-Options or a content security policy to control this behavior. If the x-frame option is configured to deny loading in a frame and only allowed from the same origin, then it won't load on the Flow web content block.
Configuraiton could be:
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
Resolution
Your web administrator/developer should allow *.flowapp.com on your end in the following way.
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN, *.flowapp.com
If the content security policy is used then configuration could be,
Content-Security-Policy: default-src 'self'
In this case, you should allow *.flowapp.com on your end in the following way.
Content-Security-Policy: default-src 'self' flowapp.com.com *.flowapp.com.com
Reference
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article