Get a first look at what's coming. The Developer Passport Australia Release Preview kicks off March 12. Dive in! 

Refused to display 'https://xxxx.com/' in a frame because it set 'X-Frame-Options'

Go to solution
Peter8
Tera Contributor

3 weeks ago

Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?

 

Untitled picture.png

0 Helpfuls
  • 9,126 Views
1 ACCEPTED SOLUTION

Go to solution
Tanushree Maiti
Tera Sage

3 weeks ago

Hi @Peter8 : 

 

You are encountering the error for clickjacking prevention from external site where the external website explicitly blocks other sites from embedding it in an iframe for security reasons.

 

Here Solution could be

 

Using Popup window: Open the external link in a new, small browser window using window.open()

OR 

Contact the External Website Owner: The most direct solution is to contact the administrator of https://xxxx.com/ and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a Content-Security-Policy (CSP) frame-ancestors directive or an X-Frame-Options: ALLOW-FROM header specifying your instance's URL.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:

View solution in original post

0 Helpfuls
12 REPLIES 12

Go to solution
Ankur Bawiskar
Tera Patron
In response to Peter8

3 weeks ago

@Peter8 

is ServiceNow instance also using same SSO as that used by 3rd party website? 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Peter8
Tera Contributor
In response to Ankur Bawiskar

3 weeks ago

Hi @Ankur Bawiskar ,

 

Yes, they are same SSO

0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
In response to Peter8

3 weeks ago

@Peter8 

I still believe that external website/application won't allow this since you are reaching/connecting to their URL from within ServiceNow

Please check with that team if it's allowed or not.

if not then it's not feasible to achieve and embed their URL within ServiceNow.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Ankur Bawiskar
Tera Patron
In response to Ankur Bawiskar

3 weeks ago

@Peter8 

Hope you are doing good.

Did my reply answer your question?

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  10x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Go to solution
Tanushree Maiti
Tera Sage

3 weeks ago

Hi @Peter8 : 

 

You are encountering the error for clickjacking prevention from external site where the external website explicitly blocks other sites from embedding it in an iframe for security reasons.

 

Here Solution could be

 

Using Popup window: Open the external link in a new, small browser window using window.open()

OR 

Contact the External Website Owner: The most direct solution is to contact the administrator of https://xxxx.com/ and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a Content-Security-Policy (CSP) frame-ancestors directive or an X-Frame-Options: ALLOW-FROM header specifying your instance's URL.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls