Web Dashlet - https


Are we unable to view https websites via a dashlet?



You should be able to view HTTPS websites in the dashlet.

Tested with https://suitecrm.com and it works ok.

I would check the website has the correct certificate etc.

If you’re having issues, please post screen shots and provide the relevant information about your system/environment.



1 Like

Hi Will,

Thanks for your reply.

I have tried a few different https sites and none of them load (just an empty dashlet).

The latest one is the Freshbooks site.

Attached is an image of the screen capture (not that it shows much… :slight_smile:




have you tried http-sites?
If you want to show https-sites, you need https on your Site

1 Like

ahhhh thanks…

Yes I can add http sites just not https.



What is the issue with adding https sites? I have no issue adding them to the dashlet.


I have 7.2.1 in https and in web dashlet i can add only https sites.

I can not add http site

Hello deftaxias,

you can not frame unsecure content in https-sites …

1 Like

This problem has plagued me since the beginning of SuiteCRM 7.1. I usually encounter this during major installations of SuiteCRM in this case 7.4.3. I test and then forget about hoping it will be fixed in the next release. I have been unable to discern a consistent pattern - some http sites are fine others are not. Some https sites are fine and others are not. I’m hoping to shed some light for folks as I have spent quite a bit of time on this.

It’s related to the fact the a website can control its own destiny so to speak in allowing/disallowing other hosts (ie foreign) to embed its content within a iframe construct. The web dashlet ultimate renders down to an iframe stanza within the SuiteCRM webpages. This may same a bit counter intuitive since this is the whole point of wanting to embed foreign content to have it render as if it were local to the page. However, there are security reasons known as clickjacking as to why you possibly might want to do this as a content owner.

First, how is it accomplished?

Turns out it is done within the apache webserver using the X-FRAME-OPTIONS settings. Then This setting gets propagated back to the web browser within the HTTP response header and informs the browser not to render the site within the particular iframe. For example, google makes use of this.

Second, how can you determine if this is happening to you?

  1. Use any of this web developer tools that are built-in to your browser or can be added as a plugin.

a) Inspect the iframe element within the SuiteCRM page and look at the messages within the console. You should see some reference to X-FRAME-Options. Here’s and exampe of trying to embed the moodle.org website within my dashlet using Chrome:

2about:blank:1 Refused to display 'https://moodle.org/' in a frame because it set 'X-Frame-Options' to 'sameorigin, SAMEORIGIN'.

This will allow you to quickly determine embedding this website will be possible. It really has nothing to do with Suite/Sugar CRm functionality and there is not much you can do about it.

Finally, as far as a potential enhancement goes - If we could example the HTTP response header and parse for this message, maybe we could throw and exception and post an error message within the Dashlet. This I think would save a lot of frustration moving forward. Anyway, just a thought.

Hope this helps.


1 Like