Overview
Using the <iframe> tag is a quick way to embed outside content inside of Jive. However, there are a number of caveats and basic troubleshooting steps to consider when trying to bring content into Jive or into another site. This document will go over the core basics you need to understand.
Information
Setup
Using iframe within HTML Widgets and Tiles
In order to use <iframe> tags within HTML Widgets, you will need to ensure that the user modifying the HTML Widget has at least one of the following permissions:
Permission Name | Permission Fastpath | Notes |
---|---|---|
Full Access | Admin Console: Permissions > System Administration | |
Manage Community | Admin Console: Permissions > System Administration | |
Manage System | Admin Console: Permissions > System Administration | |
Save JavaScript | Admin Console: Permissions > Home Page Permissions / Other Content Permissions | Only available in Jive 9.0+ |
Space Administrator | Admin Console: Permissions > Space Permissions | Only applies to Spaces and their Subspaces. |
Using <iframe> within the Rich Text Editor (RTE)
RTE in this context refers to any piece of content in Jive using the Rich Text Editor (i.e. not a basic text box).
By default, Jive will strip out your <iframe> tags when publishing your content. It is possible to get around this, but not without completing the following setup steps first:
- Go to Admin Console: Spaces > Settings > Filters and Macros > HTMLFilter
- Remove "iframe" from the "List of Tags to be removed"
- Note: Changes to this field will require you to restart your Web Apps
- Add your intended domain name to the "Allowed Domains" list
- Click on "Save Properties" at the bottom left-hand side of that page
- Restart your Web Apps
- Note: You only need to restart the Web Apps, so a rolling restart will suffice
Diagnosis
Why is my iframe getting stripped out?
If you find that your <iframe></iframe> block is being stripped out on Publish/Save, you most likely missed a step in the Setup section above. Please review the appropriate steps and ensure you are following them correctly.
Why is the src=
attribute for my iframe getting stripped out?
If you find that your <iframe></iframe> block is not being stripped out but your src=
attribute is being removed, then you are most likely using a domain name that is not in the Allowed Domains list under Admin Console: Spaces > Settings > Filters and Macros > HTMLFilter.
Add the domain name to that list, save the changes and try it again.
Why is my iframe still being blocked?
Mixed Content Errors
- This error applies to more than just <iframe> tags, but if you find yourself with the following error message.
Mixed Content: The page athttps://community.mydomain.com/groups/social-group/overview
;was loaded over HTTPS, but requested an insecure resourcehttp://something.otherdomain.com
. This request has been blocked; the content must be served over HTTPS.
- It means that your web browser is intentionally blocking your content because you are trying to call an insecure (http://) resource into a secure (https://) site. You will have to adjust every referenced resource to use https:// and that may not be possible in some circumstances, depending on what you are linking to.
- If the site hosting this content does not support SSL (https://) at all, then it will give you some kind of server error stating this and you will be forced to either get the host to install SSL on their site or move the content to a site that supports SSL. This is not an error caused by Jive, but an internet standard and one that Jive has no control over it.
X-Frame-Options Errors
- The following error can apply to any domain being placed within an <iframe> inside of Jive that has specific
SAMEORIGIN
settings.
Refused to display https://community.mydomain.com
;in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
You will need to use your web browser's console to locate the external URL that causing the error. As a workaround, you can set the properties below to remove these errors (Jive Cloud customers will need to contact Support for this change).
-
jive.xframeoptions.enabled
totrue
- Add the external URL from the different domain that is triggering the error to
jive.xframeoptions.exclude.uris
.
Note that this property's value can include multiple comma-separated URLs.
For example, the value can be/resources/add-ons,/gadgets/ifr,/gadgets/proxy,/thirdparty/analytics,/api/core/v3/statics/create.txt
.
More information on the X-Frame-Options Errors
- If you are curious to learn more about this header, please see X-Frame-Options - HTTP | MDN.
- If this is a third-party site that is being blocked, then you will have to contact the host to change their X-Frame-Options header or move the content to a site that has a more favorable X-Frame-Options configuration.
Comments
0 comments
Article is closed for comments.