Pages Preview Failing to Load iFrame

Lesley Cook asked on April 9, 2024 16:11

For additional context I am trying to run the cms locally for development purposes. I have it configured to use a self signed cert. I have HTTPS working for the site and cookies are not being blocked by the browser. I have also added the CMSAdminCookiesSameSiteNone to my web.config file. When I select a page to open the preview it makes a request to our development domain and returns the error: 'Refused to frame 'https://development.obfusticatedDomainName.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".'

I am attempting to setup my dev environment and have not been able to get it running thus yet. Let me know if you require additional information.

Edit: I believe the error is arising from the cross-site request (localhost -> development) but I can't seem to find where this request is being handled. The network request is made under the following: https://development.obfusticatedDomainName.com/KenticoCookiePolicyCheck?origin=https%3a%2f%2flocalhost&cookieName=KenticoCookiePolicyTest&cookieValue={obfusticatedCookieValue}

Recent Answers


Juraj Ondrus answered on April 10, 2024 06:36

Isn't it possible that you have some CSPs set in the web.config files and you forgot to remove/update them to match your local development domains?

0 votesVote for this answer Mark as a Correct answer

Lesley Cook answered on April 16, 2024 19:49

@Juraj No luck. Changing the CSP's doesn't actually affect the request that's being made. Regardless of the CSP it will use the same Headers. Looks like the middleware is overwriting the web.config file. For more context we are on Kentico 13.0.97 and x.x.98 references some changes to fix a very similar or the same issue. Any ideas?

0 votesVote for this answer Mark as a Correct answer

Juraj Ondrus answered on April 18, 2024 12:25

This is really hard to tell without being able to reproduce the issue. Way too many unknown variables. It might be also something on the network, IIS setup - some request filtering verbs might be not allowed.

0 votesVote for this answer Mark as a Correct answer

   Please, sign in to be able to submit a new answer.