
Discussion

Refused to Frame because ancestor violates the following Content Security Policy directive

posted on December 5, 2023

Hello Everyone. I'm working on embedding Laserfiche into one of my web apps. I can get it working in my production environment, but my dev environment gives me trouble. I get this error when loading a document if I have not signed in already. 
Refused to frame 'https://MyLFDSserver.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors *.MyDomain.com".
If I have already signed in to my dev repo, it works. No error. I only get this error if I have not signed in yet. 
I have researched the error and I was not getting anywhere. Does anyone know how to get this working? If I embed my production environment, I get the normal login screen. 
Thanks. 

0 0
replied on January 24

Thank you Samuel. 

This resolved the issue for us as well.

0 0
replied on December 5, 2023

I'm going to guess your Dev environment LFDS/LFDSSTS was updated to LFDS 11 Update 5 while Prod has an LFDSSTS instance on 11 Update 4 or earlier, because that sounds almost exactly like this:

  • When the "Allowed IFrame Hosts" configuration value is blank (the default), it now defaults to allowing URLs on AD domain of the STS machine (e.g., example.com). Specifically, when the value is blank, LFDSSTS sends a Content-Security-Policy (CSP) HTTP header that includes "frame-ancestors *.example.com;". Previously, in LFDS 11 Update 4, when the "Allowed IFrame Hosts" value was blank Directory Server did not send a CSP header. (430154)

In any event, start by going to https://lfdsstsInstance.example.com/LFDSSTS/configuration and add a custom "Allowed IFrame Hosts" value with "*.MyDomain.com whereverYourWantToEmbedTheLoginPage.example.com" (space delimited list of hosts) and see if that resolves the issue.

"I have researched the error and I was not getting anywhere."

Checking the last few List of Changes support site articles (patch notes) for the application in question is always a good idea. The searchability of their content is... not great, so I've made a habit of explicitly pulling them up to review. It's a practice that takes a few minutes each time and has saved me many, many hours of avoidable troubleshooting.

1 0
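
The behavior described in the reply above can be checked offline with a small model of how a browser evaluates a frame-ancestors source list. This is an added example, not part of the original thread and not Laserfiche code; the hostnames and header values are constructed, and the matcher is a simplification (no port or path handling, and a real browser applies the check to every ancestor frame, not just one).

```javascript
// Added example: simplified model of CSP frame-ancestors matching.
// Handles 'none', 'self', '*', and host sources with an optional scheme
// and a leading "*." wildcard; port and path parts are not modelled.
function frameAncestorsSources(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null; // directive absent: CSP puts no restriction on framing
}

function sourceMatches(source, ancestor, framed) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return ancestor.origin === framed.origin;
  if (src === '*') return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(src);
  if (!m) return false;
  const [, scheme, host] = m;
  const ancestorScheme = ancestor.protocol.slice(0, -1);
  // A scheme-less source inherits the framed page's scheme (http may upgrade to https).
  const schemeOk = scheme
    ? scheme === ancestorScheme
    : ancestor.protocol === framed.protocol ||
      (framed.protocol === 'http:' && ancestorScheme === 'https');
  if (!schemeOk) return false;
  // "*.example.com" covers subdomains only, not example.com itself.
  return host.startsWith('*.')
    ? ancestor.hostname.endsWith(host.slice(1))
    : ancestor.hostname === host;
}

function canFrame(cspHeader, ancestorUrl, framedUrl) {
  const sources = frameAncestorsSources(cspHeader);
  if (sources === null) return true;
  const ancestor = new URL(ancestorUrl);
  const framed = new URL(framedUrl);
  return sources.some((s) => sourceMatches(s, ancestor, framed));
}

// Constructed sample values (hypothetical hosts, not taken from a real deployment).
const STS = 'https://sts.example.com/LFDSSTS/';
const DEFAULT_CSP = 'frame-ancestors *.example.com;';
const CUSTOM_CSP = 'frame-ancestors *.example.com dev.example.net;';
console.log(canFrame(DEFAULT_CSP, 'https://app.example.com/', STS));
console.log(canFrame(DEFAULT_CSP, 'https://dev.example.net/', STS));
console.log(canFrame(CUSTOM_CSP, 'https://dev.example.net/', STS));
```

The second call models an embedding site outside the STS machine's domain: it is refused under the default header and allowed once the host is listed.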
replied on December 6, 2023

Thanks, Samuel, you are close. I have 1 LFDS instance for both prod and dev. I did just recently update LFDS. My dev environment is on a different site which is why I think I'm getting the error. I searched all over the internet, on sites like Answers and StackOverflow, but I did not look at patch notes. I will next time. 
Now that I know where to make the configuration change, I'll give it a try and let you know. 

1 0