Public
More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jschultz1234
Guide
‎06-30-2020 11:21 AM
‎06-30-2020 11:21 AM

Khoros Content Security Policy - Share in External iframe

I have Khoros on one subdomain and a separate tool on a different subdomain which shares content in an iframe. I am unable to do so with my community content due to Khoros security policy. How can I edit any of the following to allow this?

  • x-frame-options: SAMEORIGIN
  • Content Security Policy
  • Response Headers

 

0 Kudos
6 Replies 6
DonnaW
Moderator
‎06-30-2020 12:54 PM
‎06-30-2020 12:54 PM

You will need to go through Support to get that done.

Donna




kgroneman
Boss
‎07-23-2020 11:18 AM
‎07-23-2020 11:18 AM

I'm trying to do the same thing and looking for the same answer.   Thinking the Activecast Security Domain settings could be it, I tried to add the outside domain and got the following error which I don't understand:

2020-07-23_10h11_17.png

Anyone?

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.
0 Kudos
jschultz1234
Guide
‎07-31-2020 11:27 AM
‎07-31-2020 11:27 AM

This would be great to get resolved! I have a similar issue where we need to show blog content in iframes in a separate subdomain. 

Needs:

  • Turn OFF X-Frame Options
  • Add Content Security Policy to the Response Headers. 
    • content-security-policy: frame-src ‘self’ *.domain; frame-ancestors ‘self’ *.domain
0 Kudos
ashisman
Contributor
‎10-19-2020 03:54 PM
‎10-19-2020 03:54 PM

Hi Guys,

Did you get a solution for the above issue?

I face with same

0 Kudos
jschultz1234
Guide
‎10-26-2020 02:25 PM
‎10-26-2020 02:25 PM

You will need to submit a support ticket with Khoros and have them implement it. 

They need to update your response header settings to include content security policy and include all relevant domains. You can also include an asterisk in your domain to cover any current or future subdomains. *.yourdomain.com

and 

Change from x-frame-options: SAMEORIGIN

Change to x-frame-options: ALLOW-FROM https://yourspecificdomain.com

 

Inspect your page in Chrome, switch to the Network Tab, refresh your page, select the active URL from the list  and check the settings they have set. 

Capture.PNG

Capture2.PNG

0 Kudos
TedV
Khoros Alumni (Retired)
In response to jschultz1234
‎10-27-2020 04:42 AM
‎10-27-2020 04:42 AM

Hi @jschultz1234 ,

If the method you described successfully solved the issue, would you mind marking it as an accepted solution?

 

Thanks! 

Welcome to the Technology board!

Curious about our platform? Looking to connect on social technology? You've come to the right place!

Are you a Khoros customer? For direct assistance from our Support team, please visit the Support Forum.