Hi Team,
I have requirement to open a Html help page inside my outsystem web application.
Something like application/Help
so i create a module and create a web page inside it and then placed iframe in it.
So i am facing problem like
<iframe src='Helpfile.html' id='ifrm1' height='800px' width='100%' frameborder='0' allowfullscreen></iframe>"
But i am not able to open page as i faced following issue
X-Frame option set to deny.
Content security policy for url
Hi Hemlata,
This is not a problem you can solve with OutSystems.
The error means the webpage you are trying to display inside an iFrame within your OutSystems application, is not allowed to be displayed because the server it runs on has its X-Frame options header set to 'deny' which means it cannot be display inside an iFrame at all.
This setting needs to be changed to 'sameorigin' in order to allow the webpage to be displayed inside an iFrame of the same origin as the page itself. And additionally, the Content Security Policy frame ancestors directive needs to be configured in order to allow the webpage to be displayed inside an 'external source' in which you need to set the hostname where your OutSystems application can be reached.
Content-Security-Policy: frame-ancestors 'self' https://www.youroutsystemshostname.com;
Hope this helps!
Regards,
Nordin
Hi Nordin,
I have a bit of unfavorable scenario where I am using OS10 web app and dont have a lifetime license.
I can see lifetime tables which have 'osltm_' at start of their table name. I need to use my web app in another non-outSystem env for which, I need to add my parent env name to frame-ancestor field. Can anyone suggest a way or any lifetime related database table which will help me to put the frame-ancestor field via backend directly??
Ishan Wasnik
Hi Hemlata Nerurkar!
Your problem is similar to this:
https://www.outsystems.com/forums/discussion/43527/x-frame-options-setting/