
Access denied: Cross-domain security error when in iframe WordPress

Hi, I have this problem: when I embed my website in an external iframe, a JS button doesn't work and outputs "Access denied: Cross-domain security error".
I can't edit the iframe (I have no control over it).
I suppose the error is
Please, help me

Answers (4)


zebra webdesigns answers:

Can you provide the URL and other details, please?
If possible, can you PM me?


Galia Bahat answers:

You probably need to allow it through the website inside the iframe.
Do you have control over what's inside the iframe or just the wrapping webpage?

Imagine this: a malicious developer creates a webpage with an iframe. The iframe opens Gmail, hoping that you set your browser to remember your Gmail password. Then, through JS the developer gets the content of the password field, which was automatically filled on your end.
They hide the iframe and you never know that your password was stolen.

So the browser in that case asks Gmail if they trust that malicious developer's site.

Looks like that's what you've got here. The website in the iframe needs to confirm that you're not looking for trouble.

tomaso1980 comments:

Yes, I have control over the website. Can I add trusted sites/domains? How?
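
The same-origin restriction described in the answer above, as an added example that is not part of the original thread: how a script in the embedded page can detect a cross-origin parent and fall back to postMessage instead of touching the parent's DOM. It assumes the button's handler reaches into the parent window (the thread does not show the handler); the origins, function names and fake window objects are constructed for illustration.

```javascript
// Added example. Origins the embedded page (site A) will talk to; placeholder value.
const TRUSTED_PARENTS = new Set(['https://site-b.example']);

// True only if `other` is same-origin with the caller. Reading location.href on a
// cross-origin window throws (older IE words it "Access denied"), so probe in try/catch.
function isSameOrigin(other) {
  try {
    return typeof other.location.href === 'string';
  } catch (err) {
    return false;
  }
}

// Button handler for the embedded page. `win` is its own window object and
// `parentOrigin` is the embedding page's origin (assumed known, e.g. from configuration).
function notifyParent(win, payload, parentOrigin) {
  if (win.parent === win) return 'top-level';            // not framed at all
  if (isSameOrigin(win.parent)) {
    win.parent.document.title = payload.title;           // same origin: DOM access is allowed
    return 'direct';
  }
  if (!TRUSTED_PARENTS.has(parentOrigin)) return 'refused';
  win.parent.postMessage(payload, parentOrigin);         // explicit target origin, never '*'
  return 'posted';
}

// Message listener for the embedded page: ignore senders that are not on the list.
function acceptMessage(event) {
  return TRUSTED_PARENTS.has(event.origin) ? event.data : null;
}

// Constructed stand-in for a cross-origin parent window, so the example runs under Node.
function fakeCrossOriginParent() {
  const sent = [];
  return {
    sent,
    location: { get href() { throw new Error('SecurityError'); } },
    get document() { throw new Error('SecurityError'); },
    postMessage(data, targetOrigin) { sent.push({ data, targetOrigin }); },
  };
}

// Constructed stand-in for the embedded page's own window inside that parent.
function fakeFramedWindow(parent) {
  return { parent, location: { href: 'https://site-a.example/' } };
}
```

In a browser the handler would be called with the real `window`, and `acceptMessage` would be registered with `window.addEventListener('message', ...)`.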


Luis Abarca answers:

Use this tool to add the domain to the iframed site


tomaso1980 comments:

I tried it. It generates a cross-domain XML.
I put it in website root (I have control only on embedded site) but it doesn't work. Any hints?


Arnav Joy answers:

Read these articles.

tomaso1980 comments:

Thank you, tried it. Doesn't work. Consider that I have access only to the embedded website, and not to the iframe site.
So if I need to embed site A in site B, I can edit only site A, not the frame on site B.
Any hint?

Arnav Joy comments:

Write the following in the .htaccess file.

Please take a proper backup of the file before doing it.

<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>

tomaso1980 comments:

Thanks, but it doesn't work.