Problem description
Our SharePoint site with Excel service published Excel, need to IFrame to other systems, but the IFRAME found the error "This content cannot be displayed in a frame."
Later, the attempt to iframe other pages in other systems, the same report such errors, but SharePoint own pages, iframe their own page does not complain, IFrame own Excel Services page error, very strange problem.
Screenshot of question
Introduction to the problem
After a long period of search, found to be a security policy caused, in order to prevent "clickjacking attacks", and then in the search for a moment, what this means, it is "Click Hijacked Attack", let's see what is this click Hijacking.
Click Hijacking definition to open a Web page, a flash advertising box, you click the "Close" button, can result in the advertisement did not close, but became full screen, such a situation in the computer security domain called Click Hijacking, that is to say you click the behavior of the mouse to be controlled.
Click Hijack feature Click Hijacking is a malicious attack technology that tracks network users, obtains their private information, or remotely controls their computers by allowing them to click on seemingly normal web pages. Many browsers and operating platforms have such vulnerabilities.
Click Hijacking can be in the form of embedded code or text to complete the attack without the user's knowledge, such as clicking a button on a surface that shows "playing" a video, but actually completing the operation is to change the user's social network personal information to "public" status.
Solution One
The problem is that the HTTP response headers are set x-frame-options, and I think that SharePoint should limit this, causing us to not be able to access the location of the IIS site, but not showing it, and then trying to add the HTTP response headers of the IIS site, Discovery can solve the problem.
1, open IIS, click on the HTTP response headers;
See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/web/sharepoint/