Live Agent Chat Not Loaded When Embedded in iFrame

jherres · ‎01-04-2021

I have a developer instance that I am working with to build a POC of a live agent chat on a website. I can get the chat to work in the SN portal just fine, and I can load the chat embed page just fine outside of the website (sn_va_web_client_app_embed.do). But when I try to load it in an iFrame on my site, I get the following error and it only loads part of the UI.

AMB getClient() tried to access parent from an iFrame. Caught error: SecurityError: Blocked a frame with origin "https://devXXXXX.service-now.com" from accessing a cross-origin frame.

I have followed all of the instructions from https://docs.servicenow.com/bundle/paris-performance-analytics-and-reporting/page/administer/virtual-agent/task/create-va-standalone-client.html but I can't get past this error.

Any help would be appreciated!

sachin_namjoshi · ‎01-04-2021

Take a look into below solution to embed Agent chat in iframe

https://community.servicenow.com/community?id=community_question&sys_id=aaa1ebf3dbe900101cd8a345ca9619fe

Regards,

Sachin

jherres · ‎01-05-2021

I'm unable to find the SAML2_update1 script include anywhere in my system. Although, I don't think this is the issue.

The error I get looks like the embed recognizes that it is in an iframe and then attempts to communicate with the parent. Because that parent is not the same domain, that's what throws the error. I tried adding the PostEvent code to allow communication that way, but I still get the same error.

Pranesh072 · ‎01-06-2021

To avoid clickjacking attacks by ensuring that their content is not embedded into other sites. Servicenow uses glide.set_x_frame_options property to set the X-Frame-Options response header to SAMEORIGIN for all UI pages.

https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/x-frame-options-sameorigin.html