ratnesh
Lithium Alumni (Retired)
12 years ago

Problem in using studio page as an iframe on other domain

The design of the widget is such that we pull a studio page on another domain of the customer in an iframe. Recently we started to get an error on the customer's stage environment:

 

Load denied by X-Frame-Options: http://<stage server> /t5/custom/page/page-id/widget does not permit framing.

 

As the error implies, the response header is passing a parameter X-Frame-Options:DENY

 

Is this a configuration of security restriction? Would appreciate some details on what can cause this error.

 

Thanks,

Ratnesh

  • stever
    Lithium Alumni (Retired)

    Hi Ratnesh,

     

    Looking at that page I do see the 

     X-Frame-Options:DENY

     header, so as currently configured, that page is not iframeable at all in a browser that honors that header.

     

    Looking at the configuration for the site, I do see a problem with the clickjacking prevention configurations.

     

    Please file a case with support to get this configuration issue resolved.

     

    Here is a general link for more info on clickjacking, for anyone who is not familiar with the general issue: wikipedia

     

        Regards,

            Steve

    • ratnesh
      Lithium Alumni (Retired)

      Hi Steve,

       Thanks for replying and for the information around it. I have a couple more queries.

       

      1. So I suppose this is a server-level configuration and our customer needs to raise a case to turn this header off?

       

      2. Is this configuration done as a default thing or on a need basis? Because I do not see the header parameter coming in one of the other stage environments.

       

      Thanks,

      Ratnesh

       

       

       

    • stever,

       

      Continuation to the above question raised by ratnesh. What if the

      X-Frame-Options: SAMEORIGIN

      Do we need to raise a case with the support team to get this configuration issue resolved?

       

      Can you please provide more details regarding this configuration, as we are not able to call the community page in the iframe of another domain?
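
The behaviour discussed in this thread, as an added example that is not part of the original posts or the platform's own code: a simplified JavaScript model of how a browser that honors `X-Frame-Options` decides whether a page may render in an iframe, showing why both `DENY` and `SAMEORIGIN` block a widget embedded on another domain. The function names, URLs and origins are constructed for illustration.

```javascript
// Added illustration: simplified model of X-Frame-Options enforcement.
// All names, URLs and origins below are constructed, not from the thread.

// Split raw header values on commas into de-duplicated, lowercased tokens.
function parseXfo(rawValues) {
  const tokens = rawValues
    .flatMap((v) => v.split(","))
    .map((t) => t.trim().toLowerCase());
  return [...new Set(tokens)];
}

// framedUrl: URL of the page loaded inside the iframe.
// ancestorOrigins: origins of every embedding page, nearest parent first.
function framingAllowed(rawValues, framedUrl, ancestorOrigins) {
  const tokens = parseXfo(rawValues);
  if (tokens.length === 0) return true; // header absent: no restriction
  const known = ["deny", "sameorigin", "allowall"];
  if (tokens.length > 1) {
    // Conflicting recognised values fail closed; unknown values are ignored.
    return !tokens.some((t) => known.includes(t));
  }
  if (tokens[0] === "deny") return false; // never framable, even by itself
  if (tokens[0] === "sameorigin") {
    // Every ancestor, not only the direct parent, must share the origin.
    const own = new URL(framedUrl).origin;
    return ancestorOrigins.every((o) => o === own);
  }
  return true; // a single unrecognised value is ignored
}

// Constructed scenario: community widget embedded on a customer's own site.
function demo() {
  const widget = "https://community.example.com/t5/custom/page/page-id/widget";
  const community = "https://community.example.com";
  const customer = "https://www.customer.example";
  return {
    denyOnCustomerSite: framingAllowed(["DENY"], widget, [customer]),
    denyOnCommunity: framingAllowed(["DENY"], widget, [community]),
    sameoriginOnCustomerSite: framingAllowed(["SAMEORIGIN"], widget, [customer]),
    sameoriginOnCommunity: framingAllowed(["SAMEORIGIN"], widget, [community]),
    sameoriginNested: framingAllowed(["SAMEORIGIN"], widget, [community, customer]),
    conflicting: framingAllowed(["SAMEORIGIN, DENY"], widget, [community]),
    noHeader: framingAllowed([], widget, [customer]),
  };
}

console.log(demo());
```

Neither value permits the cross-domain embedding described in the thread: `SAMEORIGIN` only relaxes `DENY` for pages served from the community's own origin.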