External web page / iFrame targeting ServiceNow Dashboard
02-21-2024 06:11 AM
Hi,
I'd like to create a page, on a website (https://example.com), with an iframe that would display a ServiceNow dashboard.
I've seen that a setting should be made in the "HTTP Response Headers" table (sys_response_header) to authorize the "example.com" website via a "Content-Security-Policy" parameter.
But that doesn't seem to be enough, and unfortunately I don't master this subject.
Currently, the ServiceNow page is displayed in the iFrame, but I get lots of errors in the console such as
"Blocked a frame with origin "https://xxxxxxxxx.service-now.com" from accessing a cross-origin frame."
Do you have any advice or a tutorial on how to achieve this?
Thanks in advance.
Labels: iframe
02-21-2024 06:33 AM
Hi @abaron
This is what I found that might help.
This error is related to the Same-Origin policy, which is a critical aspect of web security. It prevents a malicious script on one page from obtaining access to sensitive data on another web page. Here are the steps to resolve this issue:
1. Understand the Error: The error is due to the browser's security policy called the same-origin policy. This policy permits scripts running on pages originating from the same site to access each other's Document Object Model (DOM) with no specific restrictions, but prevents access to DOM on different sites.
2. Use CORS (Cross-Origin Resource Sharing): CORS is a mechanism that allows many resources (e.g., fonts, JavaScript, etc.) on a web page to be requested from another domain outside the domain from which the resource originated. In ServiceNow, you can enable CORS by navigating to System Web Services > CORS Rules and adding a new rule.
3. Add CORS Rule: Click on New to add a new CORS rule. Fill in the details like Name, Origin, Methods, Headers, Max Age, Supports Credentials, Order, and Active. The Origin should be the domain you want to allow access to. The Methods should be the HTTP methods you want to allow like GET, POST, etc. The Headers should be the HTTP headers you want to allow.
4. Save the Rule: After filling in the details, click on Submit to save the rule.
5. Test the Rule: Now, try accessing the frame again. The error should be resolved.
Remember, CORS should be enabled only for trusted domains as it can expose your ServiceNow instance to security risks.
Mark Helpful/Solution 🙂
Regards
Shaqeel
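The question mentions a Content-Security-Policy response header that authorizes example.com to frame the instance. As an added example (not code from this thread or from ServiceNow), the JavaScript below models how a browser's framing check evaluates `frame-ancestors` and `X-Frame-Options` for a given parent origin. The instance hostname and header values are constructed, and the check is simplified to the direct parent only.

```javascript
// Added example: would a browser let parentOrigin frame a response from selfOrigin?
// Simplified: checks only the direct parent; ignores paths and port wildcards.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };
function parseOrigin(s) {
  const u = new URL(s);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORT[u.protocol] || "" };
}

function sourceMatches(source, parent, self) {
  const src = source.toLowerCase();
  if (src === "'self'")
    return parent.scheme === self.scheme && parent.host === self.host && parent.port === self.port;
  if (src === "*") return parent.scheme === "http:" || parent.scheme === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return parent.scheme === src; // scheme-source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?(?:\/.*)?$/.exec(src);
  if (!m) return false; // 'none' and unrecognised expressions match nothing
  const [, scheme, wildcard, host, port] = m;
  const want = scheme ? scheme + ":" : self.scheme;
  const schemeOk = parent.scheme === want || (want === "http:" && parent.scheme === "https:");
  const hostOk = wildcard ? parent.host.endsWith("." + host) : parent.host === host;
  const portOk = parent.port === (port || DEFAULT_PORT[parent.scheme] || "");
  return schemeOk && hostOk && portOk;
}

// Returns the frame-ancestors source list of one policy, or null if the directive is absent.
function frameAncestors(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// headers: { "content-security-policy": [one string per policy], "x-frame-options": string }
function canBeFramedBy(headers, selfOrigin, parentOrigin) {
  const self = parseOrigin(selfOrigin), parent = parseOrigin(parentOrigin);
  const lists = (headers["content-security-policy"] || []).map(frameAncestors).filter(Boolean);
  if (lists.length > 0) // frame-ancestors present: X-Frame-Options is ignored; every policy must allow
    return lists.every((list) => list.some((s) => sourceMatches(s, parent, self)));
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return sourceMatches("'self'", parent, self);
  return true; // no framing restriction was sent
}

// Constructed sample: hypothetical instance hostname, header value modelled on the question.
const SELF = "https://myinstance.service-now.com";
const sample = { "content-security-policy": ["frame-ancestors 'self' https://example.com"] };
console.log(canBeFramedBy(sample, SELF, "https://example.com")); // true
```

Listing only the exact origins that need to embed the dashboard keeps the allowlist narrow: a wildcard such as `https://*.example.com` admits every subdomain but not `https://example.com` itself.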