Load denied by X-Frame-Options

I’ve set up the widget with self-service registration.

After registration, I get the following error.

Load denied by X-Frame-Options: “SAMEORIGIN” from “https://live-widget.oktapreview.com/oauth2/0oa273nhbgEW3sAVv…jrVfyMW0OiQ8q_y7GZKF_hYjuQAdU&scope=openid%20email%20profile”, site does not permit cross-origin framing from “https://MYSITE.com/demo/index.html”.

Widget uses the suggested code:

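// Render the sign-in widget into #quote-widget. On a successful sign-in, set
// the session cookie and send the browser on to the quote page.
widget.renderEl({
  el: '#quote-widget'
}, function success(res) {
  if (res.status === 'SUCCESS') {
    // Redirect target uses https:// (was http://). The page hosting the
    // widget is served over HTTPS according to the error message in this
    // thread, so the post-login page should not be requested in clear text.
    res.session.setCookieAndRedirect('https://**.com/demo/quote.html');
  }
  // NOTE(review): any other res.status falls through with no handling here;
  // confirm that is intended for the registration flow.
});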

Hi @truveal

Is this URL accessed automatically from the sign-in widget or from your code? Can you please provide the full widget code, including the configuration (you can mask the Okta subdomain)?

Hi @dragos

I’ve tried a few options - latest iteration is here:

// Sign-in widget configuration (identifying values masked by the poster).
//
// NOTE(review): baseUrl is on dev-XXX.okta.com, while authParams.issuer is on
// live-widget.oktapreview.com, the host named in the X-Frame-Options error
// reported in this thread. Presumably both should point at the same Okta org,
// so that the session created at sign-in is the one the authorize request
// sees; confirm against the org's authorization server settings.
//
// X-Frame-Options: SAMEORIGIN is the server's anti-clickjacking control: the
// response may only be framed by its own origin. It cannot be relaxed from
// the embedding page, so the fix has to be in this configuration.
var widget = new OktaSignIn({
  baseUrl: 'https://dev-XXX.okta.com',
  clientId: 'XXX',
  redirectUri: 'https://XXX.com/demo/quote.html',
  authParams: {
    issuer: 'https://live-widget.oktapreview.com/oauth2/XXX',
    // Asks for both an ID token and an access token.
    responseType: ['id_token', 'token'],
    scopes: ['openid', 'email', 'profile'],
  },
  logo: 'https://XXX.com/images/logo.png',
  i18n: {
    // Overrides for the English strings.
    en: {
      'primaryauth.title': 'XXX',
      'primaryauth.submit': 'Sign In',
    },
  },
  features: {
    // Enables self-service registration in the widget.
    registration: true,
  },
});

// Render into #quote-widget. The callback acts only on a SUCCESS result.
widget.renderEl(
  { el: '#quote-widget' },
  function success(res) {
    if (res.status !== 'SUCCESS') {
      return;
    }
    // Set the session cookie, then send the browser to the quote page.
    res.session.setCookieAndRedirect('https://XXX.com/demo/quote.html');
  }
);