Error with Hosted Authentication in an IFrame


When integrating the Nylas Hosted Authentication page into an IFrame within your application, you may encounter a 403 error originating from the provider page. This issue generally arises when the providers have X-Frame-Options set to deny. This article aims to explain the reasons behind this occurrence and provides an effective workaround.

Problem Details

  • The root of the issue is the X-Frame-Options HTTP response header, which is often set to deny by many providers. This setting effectively prevents the hosted authentication flow from being embedded in an Iframe within your application.

    A typical error message might look like this: Refused to display '<>' in a frame because it set 'X-Frame-Options' to 'deny'.


  • Given that the X-Frame-Options is controlled by the provider and not something that Nylas can manipulate, the recommended workaround would be to utilize a popup window instead of an iframe. This alternative approach allows the hosted authentication flow to take place without restrictions imposed by the X-Frame-Options header.


Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request



Please sign in to leave a comment.