Get a first look at what's coming. The Developer Passport Australia Release Preview kicks off March 12. Dive in! 

Refused to display 'https://xxxx.com/' in a frame because it set 'X-Frame-Options'

Go to solution
Peter8
Tera Contributor

3 weeks ago

Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?

 

Untitled picture.png

0 Helpfuls
  • 9,126 Views
1 ACCEPTED SOLUTION

Go to solution
Tanushree Maiti
Tera Sage

3 weeks ago

Hi @Peter8 : 

 

You are encountering the error for clickjacking prevention from external site where the external website explicitly blocks other sites from embedding it in an iframe for security reasons.

 

Here Solution could be

 

Using Popup window: Open the external link in a new, small browser window using window.open()

OR 

Contact the External Website Owner: The most direct solution is to contact the administrator of https://xxxx.com/ and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a Content-Security-Policy (CSP) frame-ancestors directive or an X-Frame-Options: ALLOW-FROM header specifying your instance's URL.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

View solution in original post

0 Helpfuls
12 REPLIES 12

Go to solution
Ankur Bawiskar
Tera Patron

3 weeks ago

@Peter8 

you can't embed external website within ServiceNow due to security reason and external website wants to avoid clickjacking attack.

Reason being that external website must be sending an "X-Frame-Options: SAMEORIGIN" or "X-Frame-Options: DENY" in response header.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Peter8
Tera Contributor
In response to Ankur Bawiskar

3 weeks ago

Hi @Ankur Bawiskar ,

 

Do you know if there is a way for me to obtain the access token and refresh token after logging in through AAD SSO?

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
In response to Peter8

3 weeks ago

@Peter8 

what's your exact requirement?

which external website is this?

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Peter8
Tera Contributor
In response to Ankur Bawiskar

3 weeks ago

Hi @Ankur Bawiskar ,

 

I want to integrate a third-party website into SNOW. If a user of this system logs in via SSO and then accesses this page, we will find that since they have already logged in, there is no need for manual login. The SSO information will automatically log them in.

0 Helpfuls