cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Getting X-Frame-Options issue with WebFrame widget

Regular Member

Getting X-Frame-Options issue with WebFrame widget

We are facing some issue for displaying pdf file in WebFrame using a url which is SSO protected.

We are having WQS (i.e. Dot Net based product) and it provides Web Service with some api’s to access data from it.

 

Here Thingworx and WQS both are SSO configured with same PingFederate and both are using same Directory server.

When we are calling one WQS report API (using SOAP request) from Thingworx; then report in pdf format with WQS data is generated at WQS side and WQS api returns an URL to access this pdf file.

This url is SSO protected.

 

This pdf file url is passed to the WebFrame widget but this widget is giving error as ‘Refused to display <pdf file url> in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’’ and it do not display any contents of pdf file instead it just shows white blank background.

 

Do we have any option to handle this issue?

1 REPLY 1
Highlighted

Re: Getting X-Frame-Options issue with WebFrame widget

Hello.

 

I wonder if the issue you're observing is similar to the one described in this article

 

Basically, the SAMEORIGIN header is used to block cross-frame scripting (XFS). As a result, URLs are prevented from being displayed in a WebFrame. This seems to apply to your PDF URL as well.

 

-- Craig A.

Announcements

Thingworx Navigate content has a new home! Click here to access the new Thingworx Navigate forum! ______________________________