Refused to display 'https://xxxx.com/' in a frame because it set 'X-Frame-Options'

Peter8
Tera Contributor

yesterday

Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?

 

Untitled picture.png

0 Helpfuls
  • 157 Views
11 REPLIES 11

Ankur Bawiskar
Tera Patron
In response to Peter8

2 hours ago

@Peter8 

is ServiceNow instance also using same SSO as that used by 3rd party website? 

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Peter8
Tera Contributor
In response to Ankur Bawiskar

2 hours ago

Hi @Ankur Bawiskar ,

 

Yes, they are same SSO

0 Helpfuls

Ankur Bawiskar
Tera Patron
In response to Peter8

2 hours ago

@Peter8 

I still believe that external website/application won't allow this since you are reaching/connecting to their URL from within ServiceNow

Please check with that team if it's allowed or not.

if not then it's not feasible to achieve and embed their URL within ServiceNow.

💡 If my response helped, please mark it as correct and close the thread 🔒— this helps future readers find the solution faster! 🙏

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
0 Helpfuls

Tanushree Maiti
Mega Sage

3 hours ago

Hi @Peter8 : 

 

You are encountering the error for clickjacking prevention from external site where the external website explicitly blocks other sites from embedding it in an iframe for security reasons.

 

Here Solution could be

 

Using Popup window: Open the external link in a new, small browser window using window.open()

OR 

Contact the External Website Owner: The most direct solution is to contact the administrator of https://xxxx.com/ and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a Content-Security-Policy (CSP) frame-ancestors directive or an X-Frame-Options: ALLOW-FROM header specifying your instance's URL.

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls

Peter8
Tera Contributor
In response to Tanushree Maiti

2 hours ago

Hi @Tanushree Maiti ,

 

Do you know how can I add this in servicenow instance, for example,  I want to embed Prod to DEV, how can I add this policy in Prod instance?

0 Helpfuls