Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Loading activi-app in an iFrame

mikeblum
Champ in-the-making
Champ in-the-making

‎07-14-2015 02:27 PM

I'm attempting to load the activiti-app into an iframe from Box.com but get blocked with the following exception:

Refused to display 'https://localhost/activiti-app/workflow/#/tasks?taskId=100011' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

Configuring the CORS filter on the tomcat instance in tomcat/conf/web.xml:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

but I'm still getting denied. Do I need to configure something in the activiti-app.properties to enabvle loading into an iframe?

Thanks,
Mike

Labels:
0 Kudos
4 REPLIES 4

jbarrez
Star Contributor
Star Contributor

‎07-14-2015 03:38 PM

yes, the current (1.2.2) version does indeed have Sameorigin, meaning that you would have to use a proxy server such that everything is running on the same domain.

The cors filter is probably not going to help, cause it's being set in the Spring SecurityConfiguration.

To solve the issue, we'd probably have to allow for configuration of the X-Frame options, but we've had some security issues with that before … which is why we set it to sameorigin.
0 Kudos

mikeblum
Champ in-the-making
Champ in-the-making
In response to jbarrez

‎07-14-2015 05:18 PM

That makes sense. I tried adding a proxy to my Apache http server:

        ProxyPass /activiti-app http://localhost:8080/activiti-app
        ProxyPassReverse /activiti-app http://localhost:8080/activiti-app

But I'm still getting a SAMEORIGIN error. Is proxyPass not going to work?
0 Kudos

vasile_dirla
Star Contributor
Star Contributor

‎07-15-2015 03:04 PM

it seems the iframe source want to load the "https://localhost/activiti-app/"  make sure you configure the proxy pass with SSL

you have to load: mod_proxy, mod_ssl and mod_proxy_http and then define the ProxyPass
<blockcode>
<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    ProxyRequests Off
    SSLCertificateFile /etc/httpd/certs/yourCertificate.crt
    SSLCertificateKeyFile /etc/httpd/certs/yourKey.key
    ProxyPass /activiti-app http://localhost:8080/activiti-app
    ProxyPassReverse /activiti-app http://localhost:8080/activiti-app
</VirtualHost>
</blockcode>

Maybe you already did that but this is the first thing I have in mind considering the problem.
0 Kudos

mikeblum
Champ in-the-making
Champ in-the-making

‎07-27-2015 04:55 PM

Thanks. That's exactly what we ended up doing with an apache2 proxy.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC