[kilmerlopez96]

I have created an application with angular 12 and added an iframe
placing the src the url that I built according to the documentation,
something similar to the following:
http://10.xx.xxx.xxx/sysworkflow/en/neoclassic/cases/cases_Step?TYPE=DYNAFORM&UID=3708440156247793ecf4cc1052124142&POSITION=2&ACTION=EDIT

but it gives me the following error

You have lost your session and you have to log in again

does anyone know how to solve it?

[ronrich]

Hello kilmerlopez96,

I got the iframe working with the following configuration:

Code: Select all

#add_header X-Frame-Options SAMEORIGIN;

#add_header Content-Security-Policy "frame-ancestors 'self' ";
#add_header X-Content-Security-Policy "frame-ancestors 'self' ";

On the other hand, if this seems to not be secure, then you add this one:

Code: Select all

Content-Security-Policy: frame-ancestors 'self' https://midomain.com https://*.midomain.com 

I hope this helps

[kilmerlopez96]

Hello, I did not mention it before but the environment consists of 2 different servers (WebAPP and PM server)
We already applied your line in Apache2's HTTPD.CONF file like this:

<Directory />
Header set Content-Security-Policy "frame-ancestors 'self' 'http://localhost'"
</Directory>

but then the Iframe is no longer showing (With Connection Refused error). Also, the browser console returns:

Refused to frame 'http://PMserverIP/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".