Go to: http://www.mixmag.net/page/covermix/ And enter a (wrong) code like: 1111-1111 What's supposed to happen: "Sorry, that token was not recognised. Please check and try again:" appears on the same page (as tested in Firefox) What happens: [Error] Failed to load resource: the server responded with a status of 403 (FORBIDDEN) (ec2-54-170-162-181.eu-west-1.compute.amazonaws.com, line 0) [Error] Refused to display 'http://ec2-54-170-162-181.eu-west-1.compute.amazonaws.com/?cachebuster=1460985703' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. Note that entering a valid code starts the download on Firefox, and but throws the same error as above in epiphany and MiniBrowser.
(In reply to comment #0) > [Error] Refused to display > 'http://ec2-54-170-162-181.eu-west-1.compute.amazonaws.com/ > ?cachebuster=1460985703' in a frame because it set 'X-Frame-Options' to > 'SAMEORIGIN'. ^ Surely that is the problem? Why do you think there is a WebKit bug?
Because on Firefox, it's supposed to launches a download, which isn't a frame after all.