X-Frame-Options causes infinite Please Wait symbol on Import Page


I wonder if someone could help.
Today I tried to import product data, however, the data check never ends.

I don’t’ know where to start with this.
Pls help :pray:

I’d start with Inspect Element (Browser). Reload the page with Inspect Element on and monitor Network and Console tabs for anything in red. Perhaps a particular file is timing out… Or maybe a JS competent accidentally got blocked by an AdBlocker.

Then I’d trace whatever wasn’t loading back to the source…

Hi Craig,

OK, I’ve got something but how to bite now. :thinking:

I see, I am assuming that you are using Nginx. Try adding following with in your location blocks

add_header X-Frame-Options "SAMEORIGIN";


location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
	add_header Cache-Control "public";
	add_header X-Frame-Options "SAMEORIGIN";
	expires +1y;
	if (!-f $request_filename) {
		rewrite ^/pub/static/(version\d*/)?(.*)$ /pub/static.php?resource=$2 last;

Also, in server block you can add:

add_header   X-Frame-Options "DENY";
add_header   X-Content-Type-Options nosniff;

Lastly, in your location / block add following:

add_header 'Access-Control-Allow-Origin' '*';

I think @PawelP is on a LAMP Stack, as he’s been following along with my tutorials.

  • Did you recently change anything to do with your Apache Configs (e.g. SSL)?
  • Did it used to work before? It this the only page affected?
  • Does the error appear on other working pages (just in case this is a red herring)?
1 Like

Hi Craig,

No, Im using Apache.
Standard installation form your tutorial how to install magento 2.3

Oh yes, it worked before.
And yes, I did installed SSL

This article looks related to your issue, @PawelP

Well, after so much research in code and configuration, I determined that the second header X-Frame-Options:DENY was nos declared in Magento. So, I review my others Magento and no Magento sites, and I noticed that every sites had the same header. So, the logical option was Apache.

I made a grep in Apache2 configurations, and I found a Header always set X-Frame-Options DENY in /etc/apache2/conf-available/ssl-params.conf I commented that line, restarted Apache, and surprise, the imports works fine, and I only see one X-Frame-Options header in the requests.

I don´t know if is a good practice comment that line. Someone with more expertise in that area could tell me more about. But, until that, this fix my problem. So, if someone is fighting with something similar, I recommend you look in the configuration of the server, to see if there is something that is inserting again the same header, additional to that of Magento. - Magento Stackexchange

@nix Had the right solution for the wrong stack :slight_smile:

FYI: That grep command to find the file containing “X-Frame-Options”, in case it’s not the same file your end. Run as superuser otherwise you won’t have permission to read contents for the search:

sudo grep -Rl 'X-Frame-Options' /etc/

Once changes made, restart apache with:

sudo systemctl restart apache2

As the post alludes to, I’m not sure if this is “ok” practice or a “sticky-plaster” fix :man_shrugging:


It worked. Thank you for the tip and the link.
After I replaced ‘DENY’ with ‘SAMEORIGIN’ all is working now.

I followed this instruction to install GoDaddy SSL on ubuntu 18.04.

I understood everything that I was doing except the

" To set up Apache SSL securely, we will be using the recommendations by Remy van Elst on the Cliperli.st site. This site is designed to provide easy-to-consume encryption settings for popular software."

If you ever find time to explain what the ssl-params.conf does it would be great.

Once again thank you Craig.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.