CANVAS 3.0.1 /w SSO embedded in an iframe -> This content can’t be shown in a frame


#1

Dears,

after upgrading to Canvas 3.0.1., I could finally get rid of a SSO issue, which is great. However, as of Canvas 3.0.1, SSO seems to include a couple of URL redirections, which I assume is causing another issue when the Canvas page is embedded in an IFRAME (in our case, within a Sharepoint webpart):

image

Does not work in Edge, but also not in Chrome. At least Chrome gives more details about error message:

Refused to display 'http://<mycanvasurl>in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Anyone any idead how to work around that? Can I influence this at all, e.g. setting the X-Frame-Options in a way that the Canvas page would be accepted in an IFRAME?

Thanks,
Andreas


#2

Hi @andreas.franke,

This could pose a security concern, so please do so at your own risk. Below is a temporary fix:

Within your Canvas’ WEB-INF folder application, open up your web.xml file and comment out or remove the following section/filter:

image

You will need to restart your Canvas Application server afterwards.

Let us know how it goes.


Paul


#3

Paul, you made my day, works perfectly!
And thanks for your remark concerning security. This application is not accessible in a public manner, so I think this would be acceptable.

Cheers,
Andreas


#4

Hi @andreas.franke,

Great! Thanks for the confirmation!

Just a note that this is a temporary fix and will be overwritten on upgrade. But we will look into how to make it more manageable and be able to persist on upgrades next.


Cheers!
Paul