Embed SuiteCRM from another IP using iFrame


I am trying to embed SuiteCRM from another application running on a Webserver. Both our application and the SuiteCRM are located in different server with different private IP’s. When the iFrame is loading the following error occurs:

Load denied by X-Frame-Options: http://10.20.30 [....] does not permit cross-origin framing.

Is there any way to fix this? Or, how can I modify the X-Frame-Option of SuiteCRM


Hi esarant,

I can’t actually see anywhere that SuiteCRM adds the X-Frame-Options header so this is possible something that your webserver is adding. Configuring your web server is likely the best option.

If that’s not possible you can add the following:


before any headers are sent. This can probably be done in an after_entry_point logic hook.

Hope this helps,

1 Like

Hello Esarant,

the problem is not related in suite. I can embed Suite without problems and vice versa. But only https/https - http/https - http/http

Use your application SSL encryption? https?

Hello and thank you for your answers.

The problem was at the apache configuration and more specific the following directive

<IfModule headers_module>
    <IfVersion >= 2.4.7 >
        Header always setifempty X-Frame-Options SAMEORIGIN
    <IfVersion < 2.4.7 >
        Header always merge X-Frame-Options SAMEORIGIN

I comment it out and now it is working perfectly.

Thank you,