Embedding a kentico page in an iframe on a different domain

Matt Hennig asked on May 7, 2014 14:51

I am trying to load a page from my kentico site via an iframe located on a totally different site and domain. This did not work at first because Kentico adds the HTTP response header:

X-frame-options: SAMEORIGIN

I got around that by putting the directory that this page resides in to the following key in the appSettings section of the web.config

`<add key="CMSXFrameOptionsExcluded" value="/Forms" />`

Then the page loaded... BUT now I get a JavaScript error "Access is denied." on this line of code

if(top.getWopener) {

which is part of this JS being output with the page:

<script type="text/javascript">
    //<![CDATA[

if (wopener == null) { 
    var wopener = window.dialogArguments;
} 
if (wopener == null) {
    wopener = opener;
}
if ((wopener == null) && (top != null))
{ 
    if(top.getWopener) {
        wopener  = top.getWopener(window);
    }
    else {
        wopener =  window.top.opener ? window.top.opener : window.top.dialogArguments;
    }
}
//]]>
</script>

Any ideas where this JS code is coming from in Kentico? I searched the entire project directory and can't find it anywhere. Is it something in the source code that I can't access? And if so, is there any work around for this?

Thanks, Matt

Recent Answers

Francois Charbonneau answered on May 7, 2014 15:56

It's related to onsite editing. If you logout of the admin yoy will not get the error

1 votesVote for this answer Mark as a Correct answer

Matt Hennig answered on May 8, 2014 08:24

Thank you for the idea FRANCOIS but I am not logged in... I tried in three different browsers (IE, Chrome and FF) and always the same result. Just to make sure I just now tried again after first clearing all cookies/cache and restarting the browser. Any other thoughts on why this is happening? Thanks, Matt

0 votesVote for this answer Mark as a Correct answer

Matt Hennig answered on May 9, 2014 08:56

Has anyone ever loaded a page from their Kentico site in an iframe on a different site with a different domain? If you have and it works, please let me know so that I know it is possible and then I can try and figure out what is going on with my page. If you have tried, and it did not work, I would also appreciate hearing about it so I know it is not just me!

It would also be great if someone from Kentico could respond to let me know if this is possible and if it is, what could I be doing wrong.

Thanks, Matt

0 votesVote for this answer Mark as a Correct answer

Vilém Jeniš answered on May 16, 2014 02:07 (last edited on May 16, 2014 02:56)

I have tried it and what you say is true. The reason why this happens is a security of the browser. Alought it would be perfectly fine it it just returned null instead of throwing an error.

The purpose of the script is to verify that a page is complete after a postback so it is generally loaded on pages which have update panels. It can comes most probably from a control you are using.

It is true that the script is not well suited for a page that is displayed in an frame in a page served from a different domain. I will discuss this topic with my colleagues and let you know of any results.

EDIT: I have submitted a bug into our system based on your problem.

0 votesVote for this answer Mark as a Correct answer

Matt Hennig answered on May 20, 2014 10:33

Thanks Vilem for looking into it and let me know if a hot fix is ever released for this issue.

As for a workaround for others that are finding this same problem... it is not really a "fix" but it stops the error from effecting the page and displaying a message to the user:

Just add this Javascript to the head section of the page and make sure it is as high up in that section as you can put it because it must be called before the JS that is causing the problem!

window.onerror = function(msg, url, lineNumber) {   
    if (msg.indexOf('Access is denied') >= 0) {
        return true; 
    } else {
        return false;
    }
};

This check of the error message is to allow other legitimate JS errors to still show up.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.