Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Not able to embed iframe from different domain

viveksachdeva
Level 7
Level 7

Hi,

 

I have a chatbot which I need to embed in on my page using iframe. The chatbot is hosted on a different domain. Whenever I embed it using iframe, I am getting error : "Refused to display ... in a frame because it set 'X-Frame-Options' to 'deny'."

 

I tried setting X frame policy in Sling Main Servlet to Allow from this domain but it shows "'ALLOW-FROM' is not a recognized directive. The header will be ignored."

 

Any suggestions on how I can achieve this?

 

Thanks in advance

1 Accepted Solution
BrianKasingli
Correct answer by
Community Advisor
Community Advisor

Hello there,

It seems like it may be a problem with the chat bot itself. Check the response headers for:

  • Content Security Policy (CSP) frame-ancestors directive
  • X-Frame-Options 

Do they allow the use for iframe for consumption?

AEM pages should be able to display iframes without much configuration, but from experience, it’s not a good practice to use iframes on your webpages because ow security issues. 
You can start with a simple <iframe> that refers to https://google.com to validate that no AEM configuration is required.

View solution in original post

1 Reply
BrianKasingli
Correct answer by
Community Advisor
Community Advisor

Hello there,

It seems like it may be a problem with the chat bot itself. Check the response headers for:

  • Content Security Policy (CSP) frame-ancestors directive
  • X-Frame-Options 

Do they allow the use for iframe for consumption?

AEM pages should be able to display iframes without much configuration, but from experience, it’s not a good practice to use iframes on your webpages because ow security issues. 
You can start with a simple <iframe> that refers to https://google.com to validate that no AEM configuration is required.