DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
Prev
Next

Display DNN inside an iframe

Forums > Performance and Optimization
Sort:
You are not authorized to post a reply.





dnngow

New Around Here



Posts:1
New Around Here




10/12/2021 1:18 AM

    Hi
    after upgrading DNN to 9.9.1 version, it's not more possible to show DNN content in an iframe, after a custom login.
    A customer must call our DNN platform from an iframe and we have implememted a custom login, with a redirect to their landing page inside the iframe, with a SinglSignOn in custom login Module.
    Before the upgrade it worked fine (we switched from DNN version 911 to 991).
    After the upgrade, the client has an issue to do the SSO because he is redirected to the login page inside the iframe; the code behind is the same.
    Also entering the right credential doesn't work.
    Can you help me?
    Kind regards

    Rocco






    Michael Tobisch

    Veteran Member



    Posts:1124
    Veteran Member




    10/12/2021 5:19 AM

      Rocco,

      there is a (security) header defined in the web.config file:

      [add name="X-Frame-Options" value="SAMEORIGIN" /]

      (You have to replace the square brackets - [ and ] - by angle brackets - < and >. If I use angle brackets in this forum, the line would not be displayed...)

      This header blocks the display of the site in IFrames expect from the same site, and there is a good reason for that, as I explained in a video some years ago: Clickjacking - YouTube

      If there is only one site that is allowed to display the content in an IFrame, vou can set it to

      [add name="X-Frame-Options" value="ALLOW-FROM https://example.com/" /]

      If there are more than one, you have solve that in your CSP (Content Security Policy), the setting there is frame-ancestors.

      For more information read X-Frame-Options - HTTP | MDN (mozilla.org) and CSP: frame-ancestors - HTTP | MDN (mozilla.org).

      Happy DNNing!
      Michael

      Michael Tobisch
      DNN★MVP

      dnnWerk Austria
      DNN Connect
      You are not authorized to post a reply.

      These Forums are dedicated to the discussion of DNN Platform.

      For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

      1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
      2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
      3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
      4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
      5. No Flaming or Trolling.
      6. No Profanity, Racism, or Prejudice.
      7. Site Moderators have the final word on approving / removing a thread or post or comment.
      8. English language posting only, please.

      Would you like to help us?

      Awesome! Simply post in the forums using the link below and we'll get you started.

      Get Involved