When attempting to use Neo4j Bloom or Browser within an iframe with Google Single Sign On (SSO), you may encounter an error message that reads "'X-Frame-Options' to chromewebdata/:1 'deny'".
This error occurs because of a CORS limitation imposed by Google.
Specifically, the X-Frame-Options HTTP response header with a value of 'deny' is sent by accounts.google.com and interpreted by the web browser.
Neo4j is unable to modify this behaviour as the response header is from Google.
If users have already signed in to Google SSO and have a valid session, they can access Bloom/Browser within the iframe by selecting the SSO Sign-in option.
To ensure that users have a valid session when accessing the web page with the iframe, you can enforce Google Authentication on the main page that holds the iframe. This will enable users to use the SSO sign-in option without being blocked by the CORS limitation.