Skip to main content

Hello,

I'm currently trying to embed another internal application into our Thinkwise application via an Iframe.

To some extent I have this working, but I'm having some issues with specific functionalities. The other application is a document management system (DMS). Therefore it should be possible to download/print files from this iframe.

When attempting this, the following error message pops up in the DMS:

Error message in embedded Document Management System

I understand the security implications of CORS, but in this situation we trust the source. I tried playing with multiple configurations in the web.config and appsettings.json file:

  1. Added some properties in the sandbox attribute of the iframe: sandbox="allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
  1. Add Header Content-Security-Policy: <add name="Content-Security-Policy" value="frame-src 'self' data:<dotiga_url>;" />
  1. Add Header Access-Control-Allow-Origin

 

Is there any possibility to allow this functionality from this origin specifically?

Hi ​@NickJanssen,

Can you create a TCP ticket for this please?
And in that ticket, can you include a screenshot of the error you get in the browser console?

Thanks in advance!

Kind regards,
Leroy Witteveen

I already created a TCP ticket for this (11366S), but there they asked me to put this question on the community. I reopened the ticket and added the screenshot on TCP.

@NickJanssen I had similar issues with a kanban board, I added the following header to the webserver host file of the kanban board:

add_header Content-Security-Policy "frame-ancestors 'self' https://<thinkwise_app_base_url>";

Reply


Terms & ConditionsCookie settings