The deisgn of the widget is such that, we pull a studio page on other domain of customer in an iframe . Recenlty we started to get an error on customer's stage environment as Load denied by X-Frame-Options: http://<stage server> /t5/custom/page/page-id/widget does not permit framing. as the error implies the response header is passsing a parameter X-Frame-Options:DENY is this a configuration of security restriction ? would appreaciate some details on what can cause this error. Thanks,Ratnesh

Hi Ratnesh, Looking at that page I do see the X-Frame-Options:DENY header, so as currently configured, that page is not iframeable at all in a browser that honors that header. Looking at the configuration for the site, I do see a problem with the clickjacking prevention configurations. Please file a case with support to get this configuration issue resolved. Here is a general link for more info on clickjacking, for anyone who is not familiar with the general issue: wikipedia Regards, Steve

Forum Discussion

ratnesh

Lithium Alumni (Retired)

12 years ago

Solved

Problem in using studio page as an iframe on other domain

The deisgn of the widget is such that, we pull a studio page on other domain of customer in an iframe . Recenlty we started to get an error on customer's stage environment as

Load denied by X-Frame-Options: http://<stage server> /t5/custom/page/page-id/widget does not permit framing.

as the error implies the response header is passsing a parameter X-Frame-Options:DENY

is this a configuration of security restriction ? would appreaciate some details on what can cause this error.

Thanks,

Ratnesh

stever
12 years ago
Hi Ratnesh,

Looking at that page I do see the

X-Frame-Options:DENY

header, so as currently configured, that page is not iframeable at all in a browser that honors that header.

Looking at the configuration for the site, I do see a problem with the clickjacking prevention configurations.

Please file a case with support to get this configuration issue resolved.

Here is a general link for more info on clickjacking, for anyone who is not familiar with the general issue: wikipedia

Regards,

Steve

3 Replies

stever
Lithium Alumni (Retired)
12 years ago
Hi Ratnesh,

Looking at that page I do see the

X-Frame-Options:DENY

header, so as currently configured, that page is not iframeable at all in a browser that honors that header.

Looking at the configuration for the site, I do see a problem with the clickjacking prevention configurations.

Please file a case with support to get this configuration issue resolved.

Here is a general link for more info on clickjacking, for anyone who is not familiar with the general issue: wikipedia

Regards,

Steve
ratnesh
Lithium Alumni (Retired)
12 years ago
Hi Steve,
Thanks for replying and information around it. I have couple of more queries ..

1. So I suppose this is server level configuration and our customer need to raise a case to turn this header off ?

2. Is this configuration done as default thing or is on need basis ? Beause I do not see the header parameter coming in one of the other stage environements.

Thanks,
Ratnesh
vishwajit_shind
Expert
10 years ago
stever,

Continuation to the above question raise by ratnesh. What if the
X-Frame-Options: SAMEORIGIN
Do we need to raise a case with support team to get this configuration issue resolved.

Can you please provide more details regarding this configurations. As we are not able to call the community page in the iframe of another domain.

Forum Discussion

Problem in using studio page as an iframe on other domain

3 Replies

Related Content

iframe not being displayed

"Did this solve your problem?"

Customizing the CSS for Studio Itself

recommendations widget API problem

Problem creating pagination with rest2.0 query

Recent Discussions

Join node/group 301 API error

liqlAdmin in khoros aurora graphql API

How do I get the article ID in Freemarker in a TkbArticle?

How to retrieve "Internal reason for ban" field

Tips on keeping stage and prod in alignment?