Thursday, August 22, 2019

iFrame

Had an issue with a client where their demo site, if put in an iFrame was erroring out with


X-Frame-Options: SAMEORIGIN error

Turned out the demo site was using sucuri and it was blocking iFrames.


Solution: https://docs.sucuri.net/website-firewall/troubleshooting/iframes-being-blocked/

https://docs.sucuri.net/warnings/hardening/security-headers-x-frame-options/

Uncheck 'Additional Security Headers' under Security tab in Sucuri console.


Url with iFrmae: http://uslaf-iis-q1/lsr/punchouttest/PunchoutFrame.aspx?link=https://hd-rg51-www1-demo-158560-cd.azurewebsites.net/api/sitecore/punchout/init/?buyercookie=TestCookie123&headerlink=cxmlFrameHeader.htm

Could also be whitelisting issue in Sucuri as well.

No comments:

Post a Comment