Embed SuiteCRM from another IP using iFrame

Hello,

I am trying to embed SuiteCRM from another application running on a Webserver. Both our application and the SuiteCRM are located in different server with different private IP’s. When the iFrame is loading the following error occurs:

Load denied by X-Frame-Options: http://10.20.30 [....] does not permit cross-origin framing.

Is there any way to fix this? Or, how can I modify the X-Frame-Option of SuiteCRM

Regards,
esarant

Hi esarant,

I can’t actually see anywhere that SuiteCRM adds the X-Frame-Options header so this is possible something that your webserver is adding. Configuring your web server is likely the best option.

If that’s not possible you can add the following:

header_remove('X-Frame-Options');

before any headers are sent. This can probably be done in an after_entry_point logic hook.

Hope this helps,
Jim

1 Like

Hello Esarant,

the problem is not related in suite. I can embed Suite without problems and vice versa. But only https/https - http/https - http/http

Use your application SSL encryption? https?

Hello and thank you for your answers.

The problem was at the apache configuration and more specific the following directive


<IfModule headers_module>
    <IfVersion >= 2.4.7 >
        Header always setifempty X-Frame-Options SAMEORIGIN
    </IfVersion>
    <IfVersion < 2.4.7 >
        Header always merge X-Frame-Options SAMEORIGIN
    </IfVersion>
</IfModule>

I comment it out and now it is working perfectly.

Thank you,
ilias