Hit-and-miss embedding of a Xojo app in an iFrame

I’m having a lot of trouble with an app embedded within an iFrame of a Joomla website - it’s not that I can’t get the app showing (the web security and iFrame tags are fine), but that I’m getting a real hit-and-miss between the application showing at all (view iFrame source shows everything about a Xojo web-app that you would expected to see - just nothing visually appears), or else you get the app as you expect but then it immediate switches to the ‘We are having trouble communicating…reconnect’ as if the application has dropped its connection.

Hitting [Reload Frame] can switch between the two states but without the app actually working to it’s required extent.

Accessing the application directly using a web-address to display normally in a browser, simultaneous to these problems, works fine so it is clearly only within the iFrame that issues are occurring.

I’ve tried various SSL / TLS settings in case the problem was here, but same result for each option.

Anyone see these types of connection drops in these circumstances before, and/or has a cure to it?

The webpage within the text iFrame in use is here: Test database search

That’s a good question for the engineering, is a Xojo App “Frameable”? Some apps just refuse not being at the main document level.

Well, from what I can tell searching the forum, it’s a common usage for many people’s commercial applications. There are also security settings for doing just that in the documentation - these settings often being the cause of failure.

In this case however, the app is actually working…occassionally…momentarily…before the connection drops, so I\m hope some of those guys have seen this before.

In Xojo?

Yep. Some people on here have built app in Xojo, then embedded them in an existing website.

As I say, there are also security settings allowing / disallowing it to be possible.

Well, so I have my answer. Yes. It’s possible. You just have hit a problem that someone else can help.

You didn’t mention that you Xojo app is using XojoCloud, that may be relevant.
From what I understand XojoCloud is very secure so maybe you need to change something there.

This can happen when the site is https, but he xojo/iframe contents is http.

Thanks Jay, but unfortunately both are https. Occasionally, things do appear but the connection does not last.

Actually, that is an idea. Thanks Alberto - this is on a XojoCloud. I’d have thought that the connection would not even be initiated so nothing would appear, but I’ll take a look and see if the catch is just delayed.

You can try some things, like using Lifeboat and set a small test droplet.

If that changes something, then you can file a Feedback case with more information or a support email for help on how to make your XojoCloud instance to work.

If there is something that needs fixing, then @Ricardo_Cruz can help too.


Thanks Alberto - I tried a Lifeboat connection, but it’s not having it for the server where the website is located - it’s in the supported OS list, but I’m guessing that Plesk is getting in the way. I’m going to have a look around some of my other servers for an upload see if I get any better luck.

It looks like the session is getting lost for some reason. Is this also happening with a simpler app?, if so, it would be nice to have a Feedback Case to investigate what’s going on.

1 Like

Yes - I originally tried it with the full app (it’s a full database and production management system that we use behind the scenes), but switched it out with what you see now (or don’t…) which is just a simple label on the page - so can’t get much simpler.

Unfortunately, it’s the same in all cases.

TBH however, as I need this up quite quickly and reliably (it may not be me who manages this, long term), I’ve gone a different option - I think that on selection of the required link, I’m just going to switch across to a ‘fake’ web-page that provides a styled front end with an almost identical URL (maybe just a subdomain), but calls the existing business in the background internallly. These users won’t be too worried about that - as long as first contact is always through the primary website.

Cheers for the all the help guys.

1 Like

@Craig_Robinson Have you tried adding this line in the app.opening event?

Self.Security.FrameOption = WebAppSecurityOptions.FrameOptions.Allow

But this option might allow anyone to embed your app into their own website.

1 Like