I have a simple public site A that gets data from site B, which is private (users can access it using a Google account -> 'https://accounts.google.com/o/oauth2/'). This is for testing purposes.
I can access the data on site A while in the browser with my Google account, and cannot in incognito view. It was great, but I need to test on a real mobile device and it's a problem. Even though I am in my Google account, I get the error: Refused to display 'https://accounts.google.com/o/oauth2/v2/..' in a frame because it set 'X-Frame-Options' to 'DENY'.
I read several articles and added these to my code:
<?php header("Access-Control-Allow-Origin:*"); ?>
<?php header("X-Frame-Options: SAMEORIGIN"); ?> (or ALLOW-FROM etc)
But it did not help. My question is, is there a way to fix this?
Maybe it helps someone else.
So the problem was in the mobile browser (Safari), which does not share cookies between pages.
I solved it just by disabling Prevent Cross-Site Tracking on my iPhone, and it allowed me to be authorised on one page and get those cookies on another page, as it works in the PC browser versions.
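
The "Refused to display ... in a frame" error quoted in the question is decided by the headers on the framed response (here the Google sign-in page), not by headers the embedding page sends. As an added example, not part of the original posts, this JavaScript sketch models that decision for X-Frame-Options and CSP frame-ancestors; the site A and site B origins are placeholder assumptions.

```javascript
// Added example: simplified model of how a browser decides whether a response
// may be rendered inside a frame. Only the FRAMED response's headers count.
// Not modelled: wildcard host sources and nested (multi-level) frames.
function originOf(value) {
  try { return new URL(value).origin; } catch (e) { return null; }
}

function framingDecision(framedUrl, embedderOrigin, framedHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(framedHeaders)) h[k.toLowerCase()] = String(v);
  const sameOrigin = originOf(framedUrl) === embedderOrigin;

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1);
    const allowed = sources.some(s =>
      s === '*' || (s === "'self'" && sameOrigin) ||
      (!s.startsWith("'") && originOf(s) === embedderOrigin));
    return { allowed, reason: 'frame-ancestors ' + (sources.join(' ') || "'none'") };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN') return { allowed: sameOrigin, reason: 'X-Frame-Options: SAMEORIGIN' };
  // ALLOW-FROM is obsolete and ignored by current browsers; no header means no limit.
  return { allowed: true, reason: xfo ? 'X-Frame-Options value ignored' : 'no framing restriction' };
}

// Constructed inputs: site A's origin is a placeholder; the DENY header is the one
// named in the error message above.
const SITE_A = 'https://site-a.example';
const LOGIN = 'https://accounts.google.com/o/oauth2/';
const cases = {
  loginPage: framingDecision(LOGIN, SITE_A, { 'X-Frame-Options': 'DENY' }),
  siteBSameOrigin: framingDecision('https://site-b.example/data', SITE_A,
    { 'X-Frame-Options': 'SAMEORIGIN' }),
  siteBAllowsA: framingDecision('https://site-b.example/data', SITE_A,
    { 'Content-Security-Policy': `frame-ancestors 'self' ${SITE_A}`, 'X-Frame-Options': 'DENY' }),
};
for (const [name, r] of Object.entries(cases)) console.log(name, r.allowed, r.reason);
```

In this model, a site B response that sends `X-Frame-Options: SAMEORIGIN` is itself refused when framed by site A, while a `frame-ancestors` list naming site A's origin permits it.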