Public
New Commentator

Khoros Content Security Policy - Share in External iframe

I have Khoros on one subdomain and a separate tool on a different subdomain which shares content in an iframe. I am unable to do so with my community content due to Khoros security policy. How can I edit any of the following to allow this?

  • x-frame-options: SAMEORIGIN
  • Content Security Policy
  • Response Headers

 

6 Replies 6
Moderator

You will need to go through Support to get that done.

Donna




Honored Contributor

I'm trying to do the same thing and looking for the same answer.   Thinking the Activecast Security Domain settings could be it, I tried to add the outside domain and got the following error which I don't understand:

2020-07-23_10h11_17.png

Anyone?

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
New Commentator

This would be great to get resolved! I have a similar issue where we need to show blog content in iframes in a separate subdomain. 

Needs:

  • Turn OFF X-Frame Options
  • Add Content Security Policy to the Response Headers. 
    • content-security-policy: frame-src ‘self’ *.domain; frame-ancestors ‘self’ *.domain
Occasional Contributor

Hi Guys,

Did you get a solution for the above issue?

I face with same

New Commentator

You will need to submit a support ticket with Khoros and have them implement it. 

They need to update your response header settings to include content security policy and include all relevant domains. You can also include an asterisk in your domain to cover any current or future subdomains. *.yourdomain.com

and 

Change from x-frame-options: SAMEORIGIN

Change to x-frame-options: ALLOW-FROM https://yourspecificdomain.com

 

Inspect your page in Chrome, switch to the Network Tab, refresh your page, select the active URL from the list  and check the settings they have set. 

Capture.PNG

Capture2.PNG

Hi @jschultz1234 ,

If the method you described successfully solved the issue, would you mind marking it as an accepted solution?

 

Thanks! 

Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Lithium customer? For direct assistance from our Support team, please visit the Support Forum.