Live Agent Chat Not Loaded When Embedded in iFrame
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2021 11:55 AM
I have a developer instance that I am working with to build a POC of a live agent chat on a website. I can get the chat to work in the SN portal just fine, and I can load the chat embed page just fine outside of the website (sn_va_web_client_app_embed.do). But when I try to load it in an iFrame on my site, I get the following error and it only loads part of the UI.
AMB getClient() tried to access parent from an iFrame. Caught error: SecurityError: Blocked a frame with origin "https://devXXXXX.service-now.com" from accessing a cross-origin frame.
I have followed all of the instructions from https://docs.servicenow.com/bundle/paris-performance-analytics-and-reporting/page/administer/virtual-agent/task/create-va-standalone-client.html but I can't get past this error.
Any help would be appreciated!
- Labels:
-
Virtual Agent

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-04-2021 12:26 PM
Take a look into below solution to embed Agent chat in iframe
https://community.servicenow.com/community?id=community_question&sys_id=aaa1ebf3dbe900101cd8a345ca9619fe
Regards,
Sachin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-05-2021 06:38 AM
I'm unable to find the SAML2_update1 script include anywhere in my system. Although, I don't think this is the issue.
The error I get looks like the embed recognizes that it is in an iframe and then attempts to communicate with the parent. Because that parent is not the same domain, that's what throws the error. I tried adding the PostEvent code to allow communication that way, but I still get the same error.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2021 07:22 AM
To avoid clickjacking attacks by ensuring that their content is not embedded into other sites. Servicenow uses glide.set_x_frame_options property to set the X-Frame-Options response header to SAMEORIGIN for all UI pages.
https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/x-frame-options-sameorigin.html