locked
CRM 2013 - Access external websites within an Iframe on dashboard. RRS feed

  • Question

  • Hi All,

    I am trying to add an url of external web site to crm iframe on a dashboard. But getting error saying 'THIS CONTENT CANNOT BE DISPLAYED IN A FRAME ; to help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame'.

    The developer tool says, "Refused to display 'https://www.google.co.uk/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'."

    CRM is online.

    How can I get around this issue please?

    Thanks.

    Tuesday, May 6, 2014 4:17 PM

All replies

  • I guess you need to un-tick restrict cross site scripting tick box, refer following article for this..

    link

    MayankP
    My Blog
    Follow Me on Twitter

    Tuesday, May 6, 2014 8:18 PM
    Answerer
  • Hi Mayank,

    The check box to 'Restrict Cross Frame Scripting' does not seem to effect this as i have tried both. The user dashboard had it ticked and was also disabled, the system dashboard was editable.

    Any other suggestions please..

    Many Thanks.

    Tuesday, May 6, 2014 10:37 PM
  • There is no way around this because it is the external site owner dictating the X-Frame-Options value, in this case "SAMEORIGIN", to prevent clickjacking and the browser you use respects that.

    Security and Privacy

    Clickjacking Defense: Some hackers try to trick users into clicking buttons that appear to perform safe or harmless functions, but instead perform unrelated tasks. Clickjackers embed malicious code or "redress" the user interface by using transparent frames that overlay specific UI elements with misleading text and images. To help prevent clickjacking, Web site owners can send an HTTP response header named X-Frame-Options with HTML pages to restrict how the page may be framed.

    If the X-Frame-Options value contains the token Deny, Internet Explorer 8 prevents the page from rendering if it is contained within a frame. If the value contains the token SameOrigin, Internet Explorer will not render the page if the top level-browsing-context differs from the origin of the page containing the directive. Blocked pages are replaced with a "This content cannot be displayed in a frame" error page.


    Ronald

    Wednesday, May 7, 2014 1:49 AM
  • Shaffana, you can insert any website except for google.

    Wednesday, May 7, 2014 5:29 AM
  • Hi Jeff,

    Not very true I am afraid. I have tried many but with the same fate...

    Wednesday, May 7, 2014 8:29 AM