Skip to content

In some edge cases, it allowed content to be "framed" even when the server strictly forbade it.

If you are a site owner, ensure your Content Security Policy is up to date to handle modern frame-ancestors requirements.

By triggering a "mode refresh" specifically within this context, it was possible to:

Since the patch is server-side and browser-integrated, there is no "workaround" that doesn't involve a security risk. Instead, you should:

The browser may simply stop the frame from loading if it detects a ViewerFrame state change that violates security protocol. How to Move Forward

If you were using this method for legitimate testing or niche web app functionality, you’ll likely see one of the following errors:

If you are using an old library (like an outdated version of jQuery or a proprietary internal tool) that relies on ViewerFrame logic, it’s time to refactor. Conclusion

If you need to communicate between a parent and a child frame, use the window.postMessage API. It is the secure, modern standard.

The standard XFO (X-Frame-Options) or CSP headers are now being strictly enforced, even during a forced refresh.

Also worth reading:

Viewerframe Mode Refresh Patched ★ Ultimate & Fresh

In some edge cases, it allowed content to be "framed" even when the server strictly forbade it.

If you are a site owner, ensure your Content Security Policy is up to date to handle modern frame-ancestors requirements.

By triggering a "mode refresh" specifically within this context, it was possible to: viewerframe mode refresh patched

Since the patch is server-side and browser-integrated, there is no "workaround" that doesn't involve a security risk. Instead, you should:

The browser may simply stop the frame from loading if it detects a ViewerFrame state change that violates security protocol. How to Move Forward In some edge cases, it allowed content to

If you were using this method for legitimate testing or niche web app functionality, you’ll likely see one of the following errors:

If you are using an old library (like an outdated version of jQuery or a proprietary internal tool) that relies on ViewerFrame logic, it’s time to refactor. Conclusion Instead, you should: The browser may simply stop

If you need to communicate between a parent and a child frame, use the window.postMessage API. It is the secure, modern standard.

The standard XFO (X-Frame-Options) or CSP headers are now being strictly enforced, even during a forced refresh.

Running the Windows Phone Emulator in VMware Fusion

Pascal Arnould

If you run Windows 8 on your Mac with VMware Fusion 5.0 , you might get the following error message when starting the Windows Phone emulator for the first time: The Windows Phone Emulator wasn't able to create the virtual machine.
Xamarin platform setup gotchas

Xamarin platform setup gotchas

Pascal Arnould

Yesterday I attended the "C# and Mvvm - Developing apps for all of Android, iPhone and Windows" event hosted by Stuart Lodge at Modern Jago. In preparation for the day I had the daunting task of setting up my Mac for cross platform development with Xamarin. While most of it was fairly straight forward and well documented, I came across a few gotchas worth blogging about.

Pascal Arnould

Software Engineer III

Pascal Arnould

He has over 20 years experience of implementing complex technology solutions across a number of sectors, and is a passionate advocate of Agile practices, continuous learning and engineering excellence.

Pascal worked at endjin from 2013 - 2015.

Load ?

See our privacy statement for how we handle your data.

Manage cookie preferences

Third-party widgets you have consented to appear below. Revoking stops the widget right away and prevents it from loading on future visits — you'll be asked to consent again next time you click its button.