Well am trying to open a word document from office 365 inside my aspx page.
The url is included in an iframe,however the page keeps throwing an error message "This content cannot be displayed in a frame".
example code:
<iframe width="700" height="700" src='https://mysite.sharepoint.com/_layouts/15/WopiFrame.aspx?sourcedoc={13438738-FBFF-4F32-A680-4BF6D47F7682}&action=default'></iframe>
I have tried the following but with no luck:
Add <WebPartPages:AllowFraming runat="server" /> to SharePoint master page
Allow external iframes in HTML Field Security in office 365 site settings.
Add the office 365 SharePoint to trusted sites in internet explorer and enabling display mixed content
Add IHttpModule to my asp.net web application to adding headers for the X-Frame-Options HttpContext.Current.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
Deploying Ventigrate.Shared.PermissiveXFrameHeader feature on the office 365 SharePoint site
The thing is I have added
Ignore X-frame headers extension
to my google chrome and I was able to open the word document in google chrome only.
Also if I have change the action inside the url from default to interactivepreview the page will open in IE.
Nevertheless there is no extension for IE,but if there is a solution in google chrome that means there is a possibility to make it work for IE.
Any help would be highly appreciated.
Related
We included Google reCaptcha v3 in a custom login page that protects SharePoint. The solution works in all browsers except the embedded browser of Office applications. We receive the following error from Word if we try to login via the embedded browser after opening a document from SharePoint:
Your organization's policies are preventing us from completing this action for you. For more info, please contact your help desk.
reCaptcha uses an iframe to work. This iframe looks like this:
<iframe src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=xxxxx;size=invisible&cb=xxxx" width="256" height="60" role="presentation" name="a-o41nkahmlajt" frameborder="0" scrolling="no" sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox allow-storage-access-by-user-activation"></iframe>
I confirmed that iframes with a relative src URL work (e.g. "/otherpage/on/same/host.html").
From this source I know that Office does not allow the navigation to any non-https end point.
I confirmed this by changing production html like I described here.
We can't change settings on the end-user clients because they are guest users.
Does anyone know how to allow specific external addresses for iframes in Office application's embedded browser? Is there maybe an alternative on how to embedd reCaptcha?
We have SharePoint 2013 with Reporting Service add on.
We have ERP that can run SSRS reports in an IFRAME.
The ERP dns is ERP.OURDOMAIN.COM and SharePoint is SP.OURDOMAIN.COM
I have reports that has Go To URL Action to ERP.
Problem is that we need to open the link in a new window or into the IFRAME.
This would work with TARGET=_BLANK or eg. TARGET=_erpIFrame.
The problem is that for some reason SSRS adds TARGET="_TOP" to the Go To URL.
I tried to use javascript to open the link eg.
javascript:void(window.open('http://erp.ourdomain.com/default.aspx?ProjectCode=12345','_blank'))
The link works fine when I run it directly from the SharePoint 2013 report library.
But when report runs inside IFRAME in ERP server the link does not work at all.
When I click on the link nothing happens.
I do not know if it is the IFRAME and domain names that causes some IE11 security blocking. Or the fact that the link in HTML source looks like :
<a tabindex="1" class="A45592b6319f04852ae690abb779bfb4393a" href="javascript:void(window.open('http://erp.ourdomain.com/default.aspx?ProjectCode=12345','_blank'))" target="_top">12345</a>
Note that the last target="_top" is added by SSRS and I can not find any way to tell SSRS not to add it.
If I use a normal link http://erp.ourdomain.com/default.aspx?ProjectCode=12345 the link opens in _TOP and removes ERP navigation.
I also have tried adding target='_blank' in the report URL eg.
http://sp.ourdomain.com/_layouts/ReportServer/RSViewerPage.aspx?rc:LinkTarget=_blank&rv:RelativeReportUrl=/Reports/report.rdl
Or
http://sp.ourdomain.com/_layouts/ReportServer/RSViewerPage.aspx?rv:RelativeReportUrl=/Reports/report.rdl&rc:LinkTarget=_blank
But when I check the HTML source code on the report the link always has target="_top"
So the rc:LinkTarget has no effect.
Please help, is there no way to get this to work?
I got the rc:LinkTarget= working. It does not work after the report url if opened from sharepoint. But it does work if I use the reportserver URL.
I created a new web site using the default web-forms web site template that comes with Visual Studio 2012. Just went to File--> New Website --> C# --> Asp.Net Web Site, and let it create it's basic template.
Then I hit F5 to debug and it runs fine and I get that default welcome page with the aqua green block, etc... but when I add it to IIS and browse to it using localhost/WebsiteName in Chrome, the AdBlock plugin blocks all of the CSS and Images so all I see is black-and white un-styled text. When I disable AdBlock, the styling and images return and it looks normal just like it did when debugging.
I have a feeling it has something to do with the Bundle Referencing, but I'm not sure what's going on.
What specifically is AdBlock blocking?
Why isn't it blocking it when debugging through Visual Studio, only when browsed to it via localhost/WebsiteName?
What can I do to prevent users with AdBlock from having this content blocked when it is clearly not advertising?
I must assume you have a matching rule in your Adblock config. If you Go to Adblock - Options and turn on "I'm an advanced user, show me advanced options." you should then be able to reload your page and go to "Show the resource list" from the Adblock button. All items on the page will be displayed, the blocked items will be in red and the matching filter shown.
Good luck.
Thanks for the tip. It turns out that AdBlock blocks anything matching /advertising/* and the actual name of my app is "Advertising" because it will be an advertiser management system for my organization. Looks like I need to find a new name for that folder. When debugging is only went to localhost:5538/ but localhost/advertising/default.aspx got blocked because of the word "advertising" in the path.
I was trying to show Google Plus page for certain place in my AIR application using HTML control but HTML control displays page with error code 400. Same url can be opened in browser without any errors. I have also tried to load content using URLLoader and got same error 400.
What can be different between browser and AIR? Is it possible that Goole can detect out of browser http requests and prevent them?
The website may be blocking the following:
Frame attempts
Specific User Agents
Unknown User Agents
References
Are you using a robots.txt File?
Clickjacking Security Advisory
I have an old Facebook app that installs on Facebook Pages. The tab page is not being hosted in an iframe, but instead Facebook is embedding the HTML into their website (I think this is called FBML). How do I change the tab to be hosted in an iFrame like the new Apps do.
Thanks,
As of this writing, to change your tab to work as an iFrame instead of embedded HTML, you have to go to your app settings - advanced and under Migration enable Page Tab iFrames.
I beleive what you are referring to is one of the old "static FBML" applications that used to be around.
...tab page is not being hosted in an iframe, but instead Facebook is embedding the HTML into their website...
It would let you paste your FBML (Facebook Markup Language) code into a textarea in the settings of the static FBML app.
This is no longer a feasible option as Facebook has deprecated and is in the process of removing FBML.
FBML has been deprecated. Starting June 1, 2012 FBML apps will no longer work as all FBML endpoints will be removed...
What I believe you'll have to do is re-write your application utilizing the newer JavaScript/PHP SDK's (or any of the other non-official SDK's that are out there). You'll have to create a new app of your very own and then add it to your pages.