Solved

Embedding internal application in iframe


NickJanssen
Captain

Hello,

I'm currently trying to embed another internal application into our Thinkwise application via an iframe.

To some extent I have this working, but I'm having some issues with specific functionalities. The other application is a document management system (DMS). Therefore it should be possible to download/print files from this iframe.

When attempting this, the following error message pops up in the DMS:

Error message in embedded Document Management System

I understand the security implications of CORS, but in this situation we trust the source. I tried playing with multiple configurations in the web.config and appsettings.json file:

  1. Added some properties in the sandbox attribute of the iframe: sandbox="allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox"
  2. Add Header Content-Security-Policy: <add name="Content-Security-Policy" value="frame-src 'self' data:<dotiga_url>;" />
  3. Add Header Access-Control-Allow-Origin

 

Is there any possibility to allow this functionality from this origin specifically?

Best answer by Vincent Doppenberg

We are currently working on a formalized implementation of custom components that’s separate from our standard document preview feature. This will allow more room for tailored security settings for different custom integrations.


4 replies

Leroy Witteveen
Moderator

Hi @NickJanssen,

Can you create a TCP ticket for this please?
And in that ticket, can you include a screenshot of the error you get in the browser console?

Thanks in advance!

Kind regards,
Leroy Witteveen


NickJanssen
Captain
  • April 1, 2025

I already created a TCP ticket for this (11366S), but there they asked me to put this question on the community. I reopened the ticket and added the screenshot on TCP.


Freddy
  • Thinkwise Local Partner Brasil
  • April 1, 2025

@NickJanssen I had similar issues with a kanban board. I added the following header to the webserver host file of the kanban board:

add_header Content-Security-Policy "frame-ancestors 'self' https://<thinkwise_app_base_url>";
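
Added example, not part of the original thread or of Thinkwise's code: a simplified check of whether the Content-Security-Policy headers sent by the embedded application allow a given parent to frame it. It shows that `frame-ancestors` on the embedded side is what gets evaluated, while a `frame-src` value there plays no part. The function names and the `*.example.test` hostnames are assumptions made for illustration, and matching is reduced to a single parent frame with no path handling.

```javascript
// Added example: simplified evaluation of CSP frame-ancestors for one parent frame.
// Hostnames used with it are constructed placeholders; paths in sources are ignored.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443' };

// Return the source list of a directive, or null when the policy lacks it.
function parseDirective(policy, name) {
  for (const part of policy.split(';')) {
    const [dir, ...sources] = part.trim().split(/\s+/);
    if (dir.toLowerCase() === name) return sources;
  }
  return null;
}

function sourceMatches(source, parent, embedded) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return parent.origin === embedded.origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return parent.protocol === s; // e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:\/]+)(?::(\d+|\*))?/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Without a scheme, the source inherits the embedded app's scheme (https always passes).
  const schemeOk = scheme
    ? parent.protocol === scheme + ':'
    : parent.protocol === embedded.protocol || parent.protocol === 'https:';
  const hostOk = wildcard ? parent.hostname.endsWith('.' + host) : parent.hostname === host;
  const parentPort = parent.port || DEFAULT_PORT[parent.protocol] || '';
  const portOk = port === '*' || (port ? parentPort === port : parent.port === '');
  return schemeOk && hostOk && portOk;
}

// cspHeaders: every Content-Security-Policy header value the embedded app sends.
// Each policy that has frame-ancestors must allow the parent; frame-src is never consulted.
function mayFrame(cspHeaders, parentUrl, embeddedUrl) {
  const parent = new URL(parentUrl);
  const embedded = new URL(embeddedUrl);
  return cspHeaders.every((policy) => {
    const sources = parseDirective(policy, 'frame-ancestors');
    if (sources === null) return true; // this policy does not restrict framing
    return sources.some((src) => sourceMatches(src, parent, embedded));
  });
}
```

When several policies are sent, one `frame-ancestors 'none'` among them is enough to block framing, so check every header the embedded application returns, not only the one you added.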

