Rocket Chat Zimlet IFrame not allowed in modern browsers

Posted: Mon Feb 03, 2020 10:07 pm
by jpmob

I am trying to get rocket chat to integrate with Zimbra 8.8.15 -, but I am running into an issue with the iframe.

It does create users, and when I open the Rocket Chat URL in another tab it opens fine. When I try to open it in the iframe, though, it complains with the console error "Refused to display '' in a frame because it set 'X-Frame-Options' to 'sameorigin'." My mail server is on the same base domain - in this example, but a different subdomain.

While I am guessing the issue is being on a different subdomain, how did anyone get this to work?

Many thanks for any help you can give.


P.S. I am sorry if this is the wrong place for this, but I couldn't think of anywhere else!

Re: Rocket Chat Zimlet IFrame not allowed in modern browsers

Posted: Fri Feb 07, 2020 10:22 am
by barrydegraaff
It is still working, but if you use different sub-domains (aka
you must set the correct headers for CORS in your proxies.

You may no longer be able to use X-Frame-Options.
[ ... me-Options | ... me-Options ]
As allow-from uri is obsolete when using X-Frame-Options

If that is indeed an issue for you, consider using `Content-Security-Policy "frame-ancestors"`

In apache:
Header set Content-Security-Policy "frame-ancestors 'self';"

To debug, use your browser developer console (F12)

As of Rocket Chat version 2.1.0 you must set the CREATE_TOKENS_FOR_USERS environment variable for this integration to work. If you use snaps:

echo "CREATE_TOKENS_FOR_USERS=true" > /var/snap/rocketchat-server/common/create-tokens.env
sudo systemctl restart snap.rocketchat-server.rocketchat-server.service
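
How a modern browser decides whether one page may frame another, given the two headers discussed in this thread (an added example, not part of either post and not Rocket Chat or Zimbra code). The hostnames are constructed placeholders, and the source matching is a simplified subset of CSP: no scheme-only sources, paths or IPv6, and only the direct parent is checked.

```python
from urllib.parse import urlsplit

PORTS = {"http": 80, "https": 443}
# Constructed sample origins (placeholders, not taken from the thread).
CHAT = "https://chat.example.com/"
MAIL = "https://mail.example.com/"

def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or PORTS.get(u.scheme))

def source_matches(src, parent, own):
    """Simplified CSP source match: 'self', *, [scheme://]host[:port], *.host."""
    if src.lower() == "'self'":
        return parent == own
    if src == "*":
        return parent[0] in PORTS
    scheme, sep, rest = src.partition("://")
    if not sep:                                # no scheme given: use the resource's
        scheme, rest = own[0], src
    host, _, port = rest.split("/")[0].partition(":")
    host, scheme = host.lower(), scheme.lower()
    if host.startswith("*."):                  # wildcard covers subdomains only
        host_ok = parent[1].endswith(host[1:])
    else:
        host_ok = parent[1] == host            # 'none' never equals a hostname
    port_ok = port == "*" or parent[2] == (int(port) if port else PORTS.get(scheme))
    return scheme == parent[0] and host_ok and port_ok

def framing_allowed(resource_url, parent_url, headers):
    """Decide whether parent_url may frame resource_url, given response headers."""
    own, parent = origin(resource_url), origin(parent_url)
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        name, *sources = directive.split() or [""]
        if name.lower() == "frame-ancestors":  # when present, X-Frame-Options is ignored
            return any(source_matches(s, parent, own) for s in sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return parent == own
    return True  # no header, or obsolete ALLOW-FROM, which modern browsers ignore

if __name__ == "__main__":
    for hdrs in ({"X-Frame-Options": "sameorigin"},
                 {"Content-Security-Policy": "frame-ancestors 'self';"},
                 {"Content-Security-Policy": "frame-ancestors 'self' " + MAIL.rstrip("/")}):
        print(hdrs, "->", framing_allowed(CHAT, MAIL, hdrs))
```

Because an ignored `ALLOW-FROM` leaves the page frameable by any origin, a listed-origin `frame-ancestors` policy is the setting that both permits the mail page and keeps other sites out.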