Why aren't my Customer Portal pages showing up when I try to display them in an iframe?
This answer applies to Customer Portal version 3.x page sets, in November 2013 and later versions.
Customer Portal by default uses a widget to prevent Clickjacking. This widget is named utils/ClickjackPrevention, and it works by setting X-Frame-Options to DENY. This prevents any pages that include this widget from being served via iframe.
This widget is included by default in all template files for November 2013 and newer versions, for new implementations of Oracle RightNow Cloud Service.
If you wish to display your Customer Portal pages in an iframe, this widget must be removed from any pages that will be displayed in the iframe. It may be removed using the following steps:
- Edit the template file for the page that you wish to display in an iframe (i.e. templates/standard.php)
- Locate the following widget code:
- Remove this code from the template
- Save, test, and deploy the template file per normal Customer Portal procedures
For additional information, refer to the following sections in online documentation for the version your site is currently running:
- Preventing iFrame security issues
- Clickjacking protection
To access Oracle B2C Service manuals and documentation online, refer to the Documentation for Oracle B2C Service Products.