Even though I put “allow-same-origin” in the sandbox attribute of the HTML, I get the error “Refused to display ‘https://www.twitch.tv/’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.” An error occurs.
If I were to embed the chat in the normal way, I wouldn’t be able to use the “options for running the chat as a popup” like setting the dark mode, so I put the link “Twitch” in the src of the iframe instead of “Twitch”.
The SOP error popped up in the console window of the devtool, so I looked for the API documentation and realized that there was a sandbox option, so I put that in and got the same error.
To see if it was just a link issue, I tried putting in a normal link (Twitch) minus the parent=~~~ part, and got the same error (‘X-Frame-Options’ to ‘sameorigin’).
Is there a workaround for that error, or is it possible to embed the popup directly?
To embed chat please follow the embed chat documentation: Chat | Twitch Developers
You need to embed the embed, not the popup.
If still having issues please link to the page with the embed on that is not working.
I’ve exhausted the embed options, so there’s no way to include a popup at all?
Why didn’t the +sandbox option work?
My code was like this
Only embedding the embed as documented is supported.
You can use
darkpopout=1 to force dark mode on the chat embeds, otherwise user preference should apply/be recalled.
You can’t override the server.
The sandbox option tells your site what to allow on the embedded site if your site has restrictions.
if you specify more permissions that Twitch requests in the docs, that dones’t make Twitch apply/allow those extra perms
So you add
allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals
if you add more Twitch doesn’t add more it will ignore.
If so, how should I use the https://dev.twitch.tv/docs/embed/chat/에서 Parameters-sandbox part?
There doesn’t seem to be any difference between using it and not using it, so am I using it wrong? Or is it not supported right now?
You got caught as I was editing revising.
Oh I saw the revised answer late, thanks for the reply
Applies extra restrictions to the content in the frame. The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions:
But if you add more than Twitch needs, Twitch doesn’t honor/add the extra permissions, hence trying to override the X-Frame-Options does nada.