Hi,
I am trying to get rocket chat to integrate with Zimbra 8.8.15 - https://github.com/Zimbra-Community/zimbra-rocket, but I am running into an issue with the iframe.
Even though it does create users and when I open the rocket chat url in another tab it opens fine. When I try to open it in the iframe then it complains with the console error "Refused to display 'https://rocketchat.mydomain.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'." My mail server is on the same base domain - mydomain.com in this example, but a different subdomain.
While I am guessing the issue is being on a different subdomain, how did anyone get this to work?
Many thanks for any help you can give.
John
P.S. I am sorry if this is the wrong place for this, but I couldn't think of anywhere else!
Rocket Chat Zimlet IFrame not allowed in modern browsers
- barrydegraaff
- Zimbra Employee
- Posts: 98
- Joined: Tue Jun 17, 2014 3:31 am
- Contact:
Re: Rocket Chat Zimlet IFrame not allowed in modern browsers
It is still working, but if you use different sub-domains (aka zimbra.example.com rocket.example.com)
you must set the correct headers for CORS in your proxies.
You may no longer be able to use X-Frame-Options.
[ https://developer.mozilla.org/en-US/doc ... me-Options | https://developer.mozilla.org/en-US/doc ... me-Options ]
As allow-from uri is obsolete when using X-Frame-Options
If that is indeed an issue for you, consider using ` Content-Security-Policy "frame-ancestors`
In apache:
Header set Content-Security-Policy "frame-ancestors 'self' your-domains-here.org;"
To debug, use your browser developer console (F12)
Also:
As of Rocket Chat version 2.1.0 you must set the CREATE_TOKENS_FOR_USERS environment variable for this integration to work. If you use snaps:
echo "CREATE_TOKENS_FOR_USERS=true" > /var/snap/rocketchat-server/common/create-tokens.env
sudo systemctl restart snap.rocketchat-server.rocketchat-server.service
you must set the correct headers for CORS in your proxies.
You may no longer be able to use X-Frame-Options.
[ https://developer.mozilla.org/en-US/doc ... me-Options | https://developer.mozilla.org/en-US/doc ... me-Options ]
As allow-from uri is obsolete when using X-Frame-Options
If that is indeed an issue for you, consider using ` Content-Security-Policy "frame-ancestors`
In apache:
Header set Content-Security-Policy "frame-ancestors 'self' your-domains-here.org;"
To debug, use your browser developer console (F12)
Also:
As of Rocket Chat version 2.1.0 you must set the CREATE_TOKENS_FOR_USERS environment variable for this integration to work. If you use snaps:
echo "CREATE_TOKENS_FOR_USERS=true" > /var/snap/rocketchat-server/common/create-tokens.env
sudo systemctl restart snap.rocketchat-server.rocketchat-server.service
Who is online
Users browsing this forum: No registered users and 4 guests