Getting this message?
Your website has restrictions in place from being loaded in an iframe.
The in-context editor can sometimes fail to load due to certain browser security restrictions, due to its use of iframes. You may need to adjust your HTTP headers to resolve the issue. MSDN has a great article explaining the problem.
The simplest solution is to install this Chrome extension to bypass the
Please note: X-Frame is a security measure implemented by some websites. Use of this extension is at the user's discretion. If you choose to use this chrome extension, we recommend activating the extension only when you are using the In-Context editor.
For the In-Context Editor to work, your browser must be set to allow third-party cookies.
If third-party cookies are not allowed, you may experience one of the following symptoms:
- An endless redirect will happen, with your browser navigating between pages but never resolving to the In-Context Editor page, as in the following video:
- The site will be mostly blank as in the following screenshot:
To determine if third-party cookies are enabled, you can visit the following link:
That page will show either:
- "Third party cookies appear to be disabled." OR
- "Third party cookies are functioning in your browser."
- Third party cookies are blocked by default in the following browsers:
- Certain versions of Internet Explorer, depending on the version of Windows
- Sometimes a browser extension can override your browser's third-party cookies setting, such as an ad blocker or an antivirus program.
Also ensure that you're logged in to the correct project when using the editor. If you are not switched into the matching project, the editor may appear functional, but will fail to work if the project you are logged in to does not match the project that was used to install Localize.
Additionally, please note that TLS/SSL connections are required for utilizing the in-context editor. "Http" only websites will no longer load within the editor due to security restrictions. This often presents a problem when using the editor with localhost or staging environments. In these cases, you may utilize a SSL certificate to enable "https" on local or staging environments. Alternatively, tools such as ngrok may be used to tunnel localhost connections through a public and secured temporary endpoint.
If using a self-signed SSL certificate, you may have to load the webpage outside of the editor to override browser warnings that may be triggered by self-signed certificates.
If you continue to experience issues using the in-context editor, we recommend reviewing the HTTP headers (such as CSP, X-Frame, and other HTTP header restrictions). In order for the in-context editor to function, the web application must be able to load and run within an iframe. You may need to whitelist the in-context editor domain, "https://localize.live", to allow the in-context editor to function on websites with strict iframe or cross-origin resource restrictions.