Allow_from attribute not working in Clickjackprevention widget

Expand

Collapse

Advanced SearchOpens new dialog

Enter plus (+) or minus (-) signs in search terms to make a word required or excluded
Search Tips

Search terms

Screen Reader users press enter to select a Filter by product. Filter by product

Screen Reader users press enter to select a Filter by category. Filter by category

Sort by Direction

Answer ID 9791 | Last Review Date 03/22/2022

How can I allow my CP page to be displayed in an iframe on a specific site?

Environment

Customer Portal (CP)
Oracle B2C Service - August 2017

Resolution

When allowing a Customer Portal (CP) page to be displayed in an iframe on a certain site (not on all sites), the standard utils/Clickjackprevention widget has to be customized by adding the "allow_from" attribute to the code.

However, when setting the value for this attribute, one must consider what type of URL is provided as a value. For instance, a code such as:

<rn:widget path="utils/ClickjackPrevention" allow_from="https://www.domain.com" />

will not work.

The value set has to be in the form of "www.domain.com" and the code should look like:

<rn:widget path="utils/ClickjackPrevention" allow_from="www.domain.com/" />

<rn:widget path="utils/ClickjackPrevention" allow_from="*.domain.com/" />

The utils/ClickjackPrevention widget will automaticly append the HTTP/HTTPS

Should the above all_from fail, this convention may also be helpful.

<rn:widget path="utils/ClickjackPrevention" allow_from="domain.com/" />

Loading...

Login

How can I allow my CP page to be displayed in an iframe on a specific site?

Environment

Resolution

Was this answer helpful?

Still have questions?

Related Answers

Login