
Refused to display iframe or embed tag in Django 3.0 and Chrome


I had a Django app that used an iframe to display a PDF stored on my local machine, something like this:

<embed src="path_to_file.pdf" type="application/pdf">

Everything worked just fine in all supported browsers... Until today.

The app suddenly stopped working on Chrome and the console displays the message Refused to display 'path_to_file.pdf' in a frame because it set 'X-Frame-Options' to 'deny'.

In other browsers it's still working as usual. I don't know if Chrome just made an update or what changed, but it is not working anymore. Any help would be appreciated!


Solution

  • After going through a lot of similar questions and trying lots of different things, I finally found a solution for my problem thanks to the Django documentation.

    Since Django 3.0, the default value of the X_FRAME_OPTIONS setting was changed from SAMEORIGIN to DENY.

    So I just had to add X_FRAME_OPTIONS = 'SAMEORIGIN' to settings.py and the problem was gone.

    I still don't know what change made my code stop working, because I had already been using Django 3.0 since it was released; it was probably a Chrome update.