I have a staff member only WordPress website, where staff members can log in and access resources designed to help them do their job.
This WordPress website is password protected using the standard WordPress access system.
Iām trying to load that website inside the suite CRM rapper using a dashboard tab.
I am able to successfully get the login page to load in the wrapper, but when you try to authenticate the user in WordPress I get an error that tells me cookies are not enabled for that site.
Iāve tried a bunch of different header manipulations strategies to bypass this issue, but Iāve come up short so far.
I have a sense that itās a CORS or cross site scripting problem, but Iām not quite sure what steps to take next.
Does anyone have any experience with this, or might be able to point me in the right direction?
As an additional possible feature, Iām considering building a mechanism that auto logs the staff member into their WordPress site, but I havenāt even looked at that yet, since I canāt get the page to load after authentication anyway.
I wonder if you could give more details, to help others coming here in the future? A short explanation of what you did, or a link to a solution somewhere?
So the site that I wanted to load in the iFrame (Dashlet) needs to send an āX-Frame-Optionsā header, set to āNoneā in order for the SuiteCRM iFrame to load it successfully.
In my case, there was ānoā header being sent, therefore Chrome defaults this āX-Frame-Optionsā value to āSAMEORIGINā - which prevents the site from loading in the iframe.
I was able to set this header value by editing the Functions.php file.
Iām not sure I can recommend my solution as it may open some security issues, but in my environment, there is no real risk.