Webapp in iframe
-
Hi,
is there a config option to allow the WebApp to be embedded into another page by iframe? The CSP is blocking this and I couldn’t find any option regarding framing.
Regards
A. L. -
@alindemann
This is not really related to WebApp.Working webapp in iframe:
https://www.w3schools.com/code/tryit.asp?filename=G7X7Y5256C63 -
@alindemann said in Webapp in iframe:
find any option regarding framing.
Perhaps this is set in the webserver.
Example in apache2, i dont use nginx… (sorry) but enough example on the internet.
Header set X-Frame-Options: “sameorigin”I suggest, check you site with : https://securityheaders.com
And set what you need withing the vhost.
-
@alindemann @thctlo except when you are running kweb then you always need to specify csp yourself. WebApp does not enforce them on its own (which is what @marty was already saying).
-
@fbartels said in Webapp in iframe:
hen you are running kweb then you always need to specify csp yourself.
Ok, so kweb handles this already? that is a nice feature.
Most people forget to set CSP. -
@thctlo said in Webapp in iframe:
Header set X-Frame-Options: “sameorigin”
Remember that
X-Frame-Optionsis kind of obsolete - use https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors instead to have proper protection.@thctlo said in Webapp in iframe:
Ok, so kweb handles this already? that is a nice feature.
Yes. It is one of the main reasons why kweb exists. Shipping a solid web server configuration which includes things people tend to forget or are complicated to set up.
