CANVAS 3.0.1 /w SSO embedded in an iframe -> This content can’t be shown in a frame



after upgrading to Canvas 3.0.1., I could finally get rid of a SSO issue, which is great. However, as of Canvas 3.0.1, SSO seems to include a couple of URL redirections, which I assume is causing another issue when the Canvas page is embedded in an IFRAME (in our case, within a Sharepoint webpart):


Does not work in Edge, but also not in Chrome. At least Chrome gives more details about error message:

Refused to display 'http://<mycanvasurl>in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Anyone any idead how to work around that? Can I influence this at all, e.g. setting the X-Frame-Options in a way that the Canvas page would be accepted in an IFRAME?



Hi @andreas.franke,

This could pose a security concern, so please do so at your own risk. Below is a temporary fix:

Within your Canvas’ WEB-INF folder application, open up your web.xml file and comment out or remove the following section/filter:


You will need to restart your Canvas Application server afterwards.

Let us know how it goes.



Paul, you made my day, works perfectly!
And thanks for your remark concerning security. This application is not accessible in a public manner, so I think this would be acceptable.



Hi @andreas.franke,

Great! Thanks for the confirmation!

Just a note that this is a temporary fix and will be overwritten on upgrade. But we will look into how to make it more manageable and be able to persist on upgrades next.