iFrame not showing URL when Port Number added

David_Cox · February 14, 2017, 4:10pm

I have a desktop app running on macOS that outputs an HTML file that can be launched and viewed by the default browser. Inside this HTML file is an iFrame that holds a link to a URL. When that URL is plain (no port number) it works fine e.g. http://click.bulkemailapp.com

<iframe frameborder="1" height="200" scrolling="no" src="http://click.bulkemailapp.com" width="800"></iframe>

But when it includes port number to a Xojo WebApp that I know is operational, nothing is displayed e.g. http://click.bulkemailapp.com:4000

<iframe frameborder="1" height="200" scrolling="no" src="http://click.bulkemailapp.com:4000" width="800"></iframe>

In the case of http://click.bulkemailapp.com:4000, the WebApp should run a ShowURL of an error page due to the lack of parameters, and runs fine outside the iFrame, but fails inside the iFrame.

Any clues on why a port number should block an iFrame from displaying?

Tim_Parnell · February 14, 2017, 4:20pm

http://click.bulkemailapp.com:4000 isn’t loading for me while http://click.bulkemailapp.com is even outside the iframe.

David_Cox · February 14, 2017, 4:26pm

Can you try it again, I hadn’t set up the router forwarding.

Tim_Parnell · February 14, 2017, 4:29pm

Here’s the error from the iframe:

Refused to display 'http://click.bulkemailapp.com:4000/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

David_Cox · February 14, 2017, 4:31pm

Well click.bulkemailapp.com and click.bulkemailapp.com:4000 are both running on the same computer (the former being port 80 or course). Why might this be worthy of an error?

Tim_Parnell · February 14, 2017, 4:33pm

Browser security settings, cross-site scripting protection.
I’m not sure if there’s something you can do with the HTML to change X-Frame-Options or if that’s a browser setting.
(Google might know, though.)

David_Cox · February 14, 2017, 4:34pm

Thanks Tim. You’ve given a place to start looking.

Even if I set the URL to an entirely different server outside my intranet (but with a port number) it doesn’t display, so I don’t think it’s a ‘same PC’ style issue.

Paul_Lefebvre · February 14, 2017, 4:43pm

It sounds like you need to set the WebApplication.Security to allow the web app to display in an Iframe.

http://documentation.xojo.com/index.php/WebApplication.Security

David_Cox · February 14, 2017, 4:49pm

Thanks Paul. Setting the below code in the App.Open event of my WebAp fixed it:

Security.FrameEmbedding = WebAppSecurityOptions.FrameOptions.Allow

Tim_Parnell · February 14, 2017, 4:51pm

Cool, glad it was easy