nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

Embedding OAS Dashboard in an iFrame on another subdomain

Rav Singh

My requirement is to embed OAS dashboard in an iFrame on a web page hosted on a different subdomain.

OAS version - 2024.

Currently the dashboard is not loading and giving error:

-Refused to display 'https://oas.xyz.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Does OAS have any security setting where I can modify the frame options/frame ancestors settings?

Find more posts tagged with

Accepted answers

Gianni Ceresa

Is the page doing the embedding behind something? F5, proxy or anything else? Because if yes, the domain you add in OAS could maybe be that one, not the F5 or proxy etc. Or maybe all of them, as in theory the embedding is done by the browser that sees those sites at their “public” address (not fully sure with such a complexity).

All the layers add complexity, making debugging quite annoying and not so simple.

Gianni Ceresa

In OAS SSO is managed fully outside OAS, by your OHS (or any other proxy you have in front).
Therefore you can look at how to set that header in your OHS config, you should have a place where you handle the SSO piece and then proxy to OAS.

Rav Singh

Thanks @Gianni Ceresa.

This is working after adding Content-Security-Policy: frame-ancestors, in OHS httpd.conf.

All comments

Gianni Ceresa

Rav Singh

Thanks @Gianni Ceresa.

This is working after adding Content-Security-Policy: frame-ancestors, in OHS httpd.conf.

Mike Durran-Oracle

Could your authentication provider be blocking the login screen appearing in the iFrame? This is quite common.

Shah Rukh Ali

Hi,

I am able to access the OAS login page inside an IFRAME on my other application. We are following Oracle’s guidance, and they provided the following workaround:

HTTP Server

With this, I can now access the login page. However, when I try to authenticate, OAS gets authenticated, but the login page redirects to another URL and shows “refused to connect.”

At the same time, if I open the OAS URL in a separate tab, I can see that OAS is authenticated. But inside the IFRAME, nothing is displayed after authentication, as shown in the screenshot below.

Please suggest.

Gianni Ceresa

Hi @User_786CW ,

You posted your question as reply to 2 threads that are already a year old.

It would be better if you post it as a new question, and you provide all the information for others to understand your situation without having to guess what has been done or not.

Useful information are the products involved, their version, what you are trying to achieve, what have you done and how so far and what is the current situation. The more you describe the situation, the more chances you have to get an answer that could make sense. Otherwise just the common generic replies will come, and you will not really get anything useful out of it. :)