Nancy was having some trouble getting her application to create Pinterest Rich Pins working. The validator tool (and tech support) were not very helpful. The error just said:
I tried verifying that there was no intra-AWS connectivity issues (Pinterest’s tool lives in AWS, but so does Nancy’s site), but I could see in the Apache logs that Pinterest was getting an HTTP-200 OK response.
It then dawned on me that I had – in a fit of security consciousness – turned on click-jacking protection on all my self-hosted domains.
The only problem being, Pinterest uses an
IFRAME to validate that your Rich Pins are correctly marked up with Schema.org tags. By using
X-FRAME-OPTIONS: SAMEORIGIN, I was blocking the tool from framing the page, and thus validating the content.
Sure enough, turning the click-jacking protection off fixes it.