JavaScript disabled You need to activate JavaScript in order to use OpenProject! Learn more
Added by Michael Freitter about 5 years ago
Hello,
it is possible to show OpenProject in an iframe? I use nextcloud an in this application, it is possible to integrate other application with iframe.
Thanks!
Hi Michael,
our Content-Security Policy prohibits other origins embedding OpenProject as an iFrame. However in a local installation, you can freely modify this value here to your liking https://github.com/opf/openproject/blob/27564608db96fa5854620d1c6e74335aac647651/config/initializers/secure_headers.rb#L58
So to answer your question: Yes, with modifications.
We could make this a configuration option to allow you to add additional frame ancestors.
Best,
Oliver
Hi Oliver,
thank you for your answer!
Yes, I have a local installation.
>frame_ancestors: %w('self'),
1. What parameter should I do, or should I make a comment (#) character?
2. After the code changing, what steps must I do to bring this change to the running application?
Thanks
Michael
For example, set it to https://your.domain that is the one embedding OpenProject.
https://your.domain
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors for more details
Further up there is also the setting x_frame_options = 'SAMEORIGIN' which you may need to set to your domain as well with allow-from _uri_
x_frame_options = 'SAMEORIGIN'
allow-from _uri_
It's a bit doubled to the the difference in support by browsers for CSP2
Hi,
I tried to load my application in iframe but it's not coming it's showing
Refused to frame 'http://localhost:4200/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors *".
like this error is coming and i follow the instructions based on this link(https://community.openproject.org/topics/11130)
Please let me this solution for this.
Thanks,
Bhararth
Replies (4)
Hi Michael,
our Content-Security Policy prohibits other origins embedding OpenProject as an iFrame. However in a local installation, you can freely modify this value here to your liking https://github.com/opf/openproject/blob/27564608db96fa5854620d1c6e74335aac647651/config/initializers/secure_headers.rb#L58
So to answer your question: Yes, with modifications.
We could make this a configuration option to allow you to add additional frame ancestors.
Best,
Oliver
Hi Oliver,
thank you for your answer!
Yes, I have a local installation.
>frame_ancestors: %w('self'),
1. What parameter should I do, or should I make a comment (#) character?
2. After the code changing, what steps must I do to bring this change to the running application?
Thanks
Michael
For example, set it to
https://your.domain
that is the one embedding OpenProject.See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors for more details
Further up there is also the setting
x_frame_options = 'SAMEORIGIN'
which you may need to set to your domain as well withallow-from _uri_
It's a bit doubled to the the difference in support by browsers for CSP2
Hi,
I tried to load my application in iframe but it's not coming it's showing
Refused to frame 'http://localhost:4200/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors *".
like this error is coming and i follow the instructions based on this link(https://community.openproject.org/topics/11130)
Please let me this solution for this.
Thanks,
Bhararth