I wrote an integration for Salesforce a while back that read some information from a RESTful web service and displayed it in a VisualForce Page embedded in a standard page layout on an SObject. The system let you authorise with OAuth by clicking a link which would redirect you to the specified authorisation page and after authorising correctly you would be redirected back to the correct record.
The system used to work perfectly but then suddenly stopped working. The only error was regarding null input to JSON but digging deeper showed that the authorisation was never completing. Further digging and logging on the console from the link showed an error:
Refused to display document because display forbidden by X-Frame-Options.
Some digging lead me to this StackOverflow post which lead me to update the link to have a target=”_top” attribute, and now it all works again! Basically the OAuth provider had updated their service to properly implement the protocol which leads to this error being thrown if we are about to perform some sort of XSS style action.
Hope anyone who stumbles across this finds it helpful! It caused me a few headaches so I thought I would share.