2022-02-01 06-08-14
Muruga Nandan
32Views
10Comments
Integrating 3rd party application into the Outsystems iframes
Question
Reactive
Best Practices
Application Type
Reactive
Service Studio Version
11.54.33 (Build 62940)

Hello everyone,

Currently implementing the third party application into the iframe in my website. and i explored csp and enable the csp in outsystems security configuration.

im getting the same error and iframe couldn't load 

 

0
0
13 days ago

Hello ,

You have to add a URL also after enabling the CSP 
Refer this video Link
Thanks 

Regards Gourav Shrivastava

0
0
13 days ago

Hi @Gourav Shrivastava, I added the external url into the child-src and added the same to the frame ancestors-src. still im getting the same error and iframe can't load

0
0
12 days ago

Hi Muruga,

You need to validate with the owner of the site you want to iframe it in your application if they are allowing you to do it.
It seems that they have some diretive that are blocking to iframe it.

Hope it helps you.

Luís Dinis

0
0
12 days ago

Hi @Luis Dinis , thanks for you reply.

I checked that X- frame options value is "Allow"

These error are showing in console right now.

0
0
12 days ago

Yes Muraga, That's the point.


Since this is Header is deprecated  X-Frame-Options they should use the Access-Control-Allow-Origin instead.
e.g.

0
0
12 days ago

Oooh ok @Luis Dinis, thank you so much Luis.Will check that with that team. it's possible to change into X- frame options: Allow  to Access-Control-Allow-Origin  . And have you know about second error throughing in console - Refused to display 'https://gis-dev.prologis.cloud/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.  

0
0
12 days ago

This second error is about the same thing, isn't it?
"X- frame options"

I think if you solve one of them both will be solved.

Let me know if this helped you.

Luís Dinis

0
0
12 days ago

Yeah sure @Luis Dinis , will check that and let you know

0
0
12 days ago

Hi @Luis Dinis , sorry to disturb you I having small doubt for the above issue.There two different x-frame options. In a login page it showing below x-frame options 

And actually i need to embed the page to the i-frame, it through below x-frame options


If they changed X-frame options:Allow to Access-Control-Allow-Origin. Both pages can be visible in i-frame??

Thanks!

0
0
11 days ago
Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.