Hi after upgrading DNN to 9.9.1 version, it's not more possible to show DNN content in an iframe, after a custom login. A customer must call our DNN platform from an iframe and we have implememted a custom login, with a redirect to their landing page inside the iframe, with a SinglSignOn in custom login Module. Before the upgrade it worked fine (we switched from DNN version 911 to 991). After the upgrade, the client has an issue to do the SSO because he is redirected to the login page inside the iframe; the code behind is the same. Also entering the right credential doesn't work. Can you help me? Kind regards
Rocco
Rocco,
there is a (security) header defined in the web.config file:
[add name="X-Frame-Options" value="SAMEORIGIN" /]
(You have to replace the square brackets - [ and ] - by angle brackets - < and >. If I use angle brackets in this forum, the line would not be displayed...)
This header blocks the display of the site in IFrames expect from the same site, and there is a good reason for that, as I explained in a video some years ago: Clickjacking - YouTube
If there is only one site that is allowed to display the content in an IFrame, vou can set it to
[add name="X-Frame-Options" value="ALLOW-FROM https://example.com/" /]
If there are more than one, you have solve that in your CSP (Content Security Policy), the setting there is frame-ancestors.
For more information read X-Frame-Options - HTTP | MDN (mozilla.org) and CSP: frame-ancestors - HTTP | MDN (mozilla.org).
Happy DNNing! Michael
These Forums are dedicated to the discussion of DNN Platform.
For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:
Awesome! Simply post in the forums using the link below and we'll get you started.