Skip to main content
Nintex Community Menu Bar

I have been trying to embed a Nintex 2016 Form in an iframe on a non-SharePoint web-page and receiving the following error in console.

Uncaught DOMException: Blocked a frame with origin "server.com" from accessing a cross-origin frame.

Complete error in console attached.

This only occurs in Chrome and Firefox, IE works fine.

Nintex 2013 Forms works fine in all browsers.

I have tried numerous master-page edits, Nintex javascript edits but it still won't load in an iframe.

After some more testing, it seems to be anything from SP2016 trying to load in an iframe, is blocked by Chrome and FireFox.

Has anyone seen this or has used a fix for this security block?

 

 

 


I figured it out.



The actual error pertains to RenderSuiteNav.



From reading this blog post: https://skodvinhvammen.wordpress.com/2017/03/17/sharepoint-hybrid-app-launcher-explained/  it mentions this line in the masterpage:



<SharePoint:DelegateControl id="ID_SuiteBarDelegate" ControlId="SuiteBarDelegate" runat="server" />



Once deleted, the iframe displays correctly.



 


Normally, scripts on different pages are allowed to access each other if and only if the pages they originate from share the same protocol, port number, and host. Above error message shows that you can't access an < iframe > with different origin using JavaScript/jQuery, it would be a huge security flaw if you could do it.



 



window.postMessage() provides a controlled mechanism to securely circumvent this restriction.



 


Hello, do you have any examples of using window.postmessage()?



 



We've also been looking at modifying the web.config file for the site collection and adding Access-Control-Allow-Origin: http://<site name>.com to <system.webServer><httpProtocol><customHeaders> section. Has anyone tried this method? 



 



Deleting the DelegateControl section on a master page seems a little risky to me.



 


My work-around to display a nintex form in an iframe is the following steps:



1: copy the master-page



2: hide/remove the delta suitebar.



3: create a web-part page and specify that custom master page.



4: add nintex form web part to web part page.



5: strip out all sharepoint ribbon and left nav using CSS, so all that remains is the nintex form.



6: add .aspx web part page to an iframe to be used on another site.


Reply