Refused to display 'https://accounts.google.com/' in a frame because it set 'X-Frame-Options' to 'deny' #3933

New Issue

Closed

opened 2026-02-05 07:54:14 +03:00 by OVERLORD · 5 comments

OVERLORD commented 2026-02-05 07:54:14 +03:00

Owner

Copy Link

Originally created by @namannj46 on GitHub (Jul 26, 2023).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

I have integrated Bookstack in our Website with using iframe. so bookstack is opening through iframe but when i tried to login on bookstack through google login it is showing the error.
accounts.google.com is refused to connect

When i inspect the code and check the error it is showing :
Refused to display 'https://accounts.google.com/' in a frame because it set 'X-Frame-Options' to 'deny'

So please help how i can resolve this error on Bookstack

Exact BookStack Version

v23.05.2

Log Content

No response

PHP Version

No response

Hosting Environment

ubuntu 22.04

Originally created by @namannj46 on GitHub (Jul 26, 2023). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario I have integrated Bookstack in our Website with using iframe. so bookstack is opening through iframe but when i tried to login on bookstack through google login it is showing the error. **accounts.google.com is refused to connect** When i inspect the code and check the error it is showing : **Refused to display 'https://accounts.google.com/' in a frame because it set 'X-Frame-Options' to 'deny'** So please help how i can resolve this error on Bookstack ### Exact BookStack Version v23.05.2 ### Log Content _No response_ ### PHP Version _No response_ ### Hosting Environment ubuntu 22.04

OVERLORD added the 🐕 Support label 2026-02-05 07:54:14 +03:00

OVERLORD closed this issue 2026-02-05 07:54:17 +03:00

OVERLORD commented 2026-02-05 07:54:19 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 26, 2023):

This is a security control that Google are setting, not really something that can be worked around from a BookStack point of view. Many websites will block use in an iFrame due to security concerns.

@ssddanbrown commented on GitHub (Jul 26, 2023): This is a security control that Google are setting, not really something that can be worked around from a BookStack point of view. Many websites will block use in an iFrame due to security concerns.

OVERLORD commented 2026-02-05 07:54:22 +03:00

Author

Owner

Copy Link

@namannj46 commented on GitHub (Jul 26, 2023):

Can you suggest the possible way to do google login inside the iframe ?

@namannj46 commented on GitHub (Jul 26, 2023): Can you suggest the possible way to do google login inside the iframe ?

OVERLORD commented 2026-02-05 07:54:26 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 26, 2023):

No, not really anything with Google direct.
You could maybe find an alternative auth platform, which does not prevent (or can be hacked to allow) iframe use, that can use google as an upstream auth provider itself, then use that with BookStack.

These are not paths I'd suggest or can recommended further on though, these limits are in place for security, and iframes as a bunch of troubles (They can also complicate cookies and visuals).

@ssddanbrown commented on GitHub (Jul 26, 2023): No, not really anything with Google direct. You could maybe find an alternative auth platform, which does not prevent (or can be hacked to allow) iframe use, that can use google as an upstream auth provider itself, then use that with BookStack. These are not paths I'd suggest or can recommended further on though, these limits are in place for security, and iframes as a bunch of troubles (They can also complicate cookies and visuals).

OVERLORD commented 2026-02-05 07:54:28 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Aug 2, 2023):

Since there's been no follow-up I'm going to close this.

@ssddanbrown commented on GitHub (Aug 2, 2023): Since there's been no follow-up I'm going to close this.

OVERLORD commented 2026-02-05 07:54:31 +03:00

Author

Owner

Copy Link

@ForkInABlender commented on GitHub (Feb 25, 2024):

welp, then the html used isn't the problem then and the issue is not fixed.

@ForkInABlender commented on GitHub (Feb 25, 2024): welp, then the html used isn't the problem then and the issue is not fixed.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3933