CANVAS 3.0.1 /w SSO embedded in an iframe -> This content can’t be shown in a frame

andreas.franke · September 3, 2018, 10:06am

Dears,

after upgrading to Canvas 3.0.1., I could finally get rid of a SSO issue, which is great. However, as of Canvas 3.0.1, SSO seems to include a couple of URL redirections, which I assume is causing another issue when the Canvas page is embedded in an IFRAME (in our case, within a Sharepoint webpart):

Does not work in Edge, but also not in Chrome. At least Chrome gives more details about error message:

Refused to display 'http://<mycanvasurl>in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Anyone any idead how to work around that? Can I influence this at all, e.g. setting the X-Frame-Options in a way that the Canvas page would be accepted in an IFRAME?

Thanks,
Andreas

plim · September 4, 2018, 12:49am

Hi @andreas.franke,

This could pose a security concern, so please do so at your own risk. Below is a temporary fix:

Within your Canvas’ WEB-INF folder application, open up your web.xml file and comment out or remove the following section/filter:

You will need to restart your Canvas Application server afterwards.

Let us know how it goes.

–
Paul

andreas.franke · September 4, 2018, 5:58am

Paul, you made my day, works perfectly!
And thanks for your remark concerning security. This application is not accessible in a public manner, so I think this would be acceptable.

Cheers,
Andreas

plim · September 4, 2018, 6:14am

Hi @andreas.franke,

Great! Thanks for the confirmation!

Just a note that this is a temporary fix and will be overwritten on upgrade. But we will look into how to make it more manageable and be able to persist on upgrades next.

–
Cheers!
Paul