Credits

This article is based on: IFraming SharePoint-hosted pages in apps, by Humberto Lezama

Problem Statement

There is a requirement to show the SharePoint Search Center in an IFRAME on a website hosted on a different domain. After the Search Center is added to the IFRAME, the following exception is shown.

  

Chrome console error

Refused to display ***************** in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’

Root Cause

From: IFraming SharePoint-hosted pages in apps

"By default, SharePoint 2013 prevents cross-domain IFRAMING of pages as a security measure to prevent clickjacking. This post explains what clickjacking is, how SharePoint prevents it, and how to allow your pages to be IFRAMED if your scenarios call for it.

SharePoint 2013 uses the X-Frame-Options header to prevent its pages from being targeted by a clickjacking attack. Each HTTP response sends an X-Frame-Options: SAMEORIGIN header, which indicates that this page must not be loaded in an IFRAME if the outer (hosting) page is on a different domain than the SharePoint page. This has some implications for IFRAME scenarios with SharePoint:

  • SharePoint pages that host external content in an IFRAME are not affected
  • SharePoint pages that host other pages from the same SharePoint site in an IFRAME are not affected"

 

Resolution

From: IFraming SharePoint-hosted pages in apps

Follow the step listed below to fix this issue:

  1. To "opt-out of clickjacking protection by adding the AllowFraming control to their .aspx pages

     <WebPartPages:AllowFraming runat="server" />

     This control instructs SharePoint not to send the X-Frame-Options header when this page is requested. Without the X-Frame-Options header, the page is able to be IFRAMED." [blogs.msdn.com]
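The header behaviour described above, as an added example (not code from the original post or from SharePoint): a small JavaScript model of how a browser applies X-Frame-Options to a framed page, plus a helper that lists pages whose responses no longer carry the header. The hostnames, URLs and sample responses are constructed, and only the immediate hosting page is checked.

```javascript
// Added example: models the X-Frame-Options check a browser performs before
// rendering a page inside an IFRAME. All URLs and responses are constructed.

// Return the X-Frame-Options value (upper-cased) or null if the header is absent.
// HTTP header names are case-insensitive.
function getXfo(headers) {
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() === 'x-frame-options') {
      return String(value).trim().toUpperCase();
    }
  }
  return null;
}

// Decide whether pageUrl may render in an IFRAME hosted by parentUrl.
function framingDecision(headers, pageUrl, parentUrl) {
  const xfo = getXfo(headers);
  if (xfo === null) {
    return { allowed: true, reason: 'no X-Frame-Options header' };
  }
  if (xfo === 'DENY') {
    return { allowed: false, reason: 'DENY' };
  }
  if (xfo === 'SAMEORIGIN') {
    const same = new URL(pageUrl).origin === new URL(parentUrl).origin;
    return { allowed: same, reason: same ? 'same origin' : 'SAMEORIGIN, hosting page is cross-origin' };
  }
  // A value the browser does not recognize is ignored, as if no header was sent.
  return { allowed: true, reason: 'unrecognized value ignored' };
}

// Audit helper: pages with no X-Frame-Options header can be framed by any site,
// which is the state of a page that carries the AllowFraming control.
function listFrameableAnywhere(responses) {
  return responses.filter(r => getXfo(r.headers) === null).map(r => r.url);
}

// Constructed sample: one default SharePoint page, one page with AllowFraming.
const SAMPLE_RESPONSES = [
  { url: 'https://sharepoint.example.com/search/Pages/default.aspx',
    headers: { 'X-Frame-Options': 'SAMEORIGIN' } },
  { url: 'https://sharepoint.example.com/search/Pages/framed.aspx',
    headers: { 'Content-Type': 'text/html' } },
];
```

A page carrying AllowFraming shows up in `listFrameableAnywhere` because it can be framed from every origin, not only the intended host site, so keep the control on the specific pages that need it.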

See Also