Embedding Microsoft SharePoint or OneDrive iframe?

We've had a few requests from employees to find a way to embed an iframe from SharePoint or OneDrive (of an Excel file) within our community. Both Microsoft platforms provide the iframe code, but when we try to put it in the community, it's not working. I can't figure out if it's our Microsoft settings, how Telligent is handling the code, or if this just doesn't work at all. Does anyone know?

Really our users just want to be able to embed an Excel file that can be sorted and filtered.

Thanks!

  • Former Member

    Iframes are disabled by default. If you want to allow them, the setting is in Administration > Moderation > Filtering > Files and Url Embedding > Frames.

  • This was the first thing we did. We can get certain types of embedded iframes to work, but nothing from Microsoft. I'm trying to understand where the limitation is: Microsoft permissions, our restrictions, or the community itself.

  • Do you see anything where the iframe should be, like a message that the content is being blocked? This may also show up in the browser console/developer tools.

    Much like the Community platform, it's common for sites to render a Content Security Policy header to prevent their site/content from being loaded within an iframe. This is for security, to avoid things like clickjacking and XSS. If the product allows it, the administrator can select which sites to allow the site to be loaded within. So in this case, if this is what is happening, you would add "yourcommunity.com" to the allowed sites within the SharePoint administration, assuming it's possible.

    Again, I'm not positive that is what is happening here, but it's very likely if the snippet is an iframe vs. an embed code. Is it possible to share the site? If not here, privately?

  • I'm glad you mentioned looking at the console. Sure enough, here's what I'm seeing (with sections I had to redact): Mixed Content: The page at '[redacted]' was loaded over HTTPS, but requested an insecure resource '[redacted]'. This request has been blocked; the content must be served over HTTPS.

    Our site is HTTPS... so does that mean the other one isn't?

  • Correct, the redacted link in 'The page at [redacted]' is http but should be https.

  • Ok. And I just verified. It's definitely not secure, and this makes a lot more sense now. Embedding an HTTP page into an HTTPS page is certainly not a great security strategy. At least this is something I can address (or attempt to) now. Thank you for the help!

  • Assuming you trust the site, you can allow this content to confirm it will work eventually when it's https. The browser is blocking this for your safety, but you can allow it temporarily for this site only. For example, in Chrome click the "Not Secure" next to the URL, go to 'Site Settings' (at the bottom), scroll to the bottom and allow 'Insecure Content'. Again, this is only adjusting this value for this one site/domain, not a global setting.


  • Just tried and it's still being blocked. At least I know why this wasn't working now, and that's more than half the battle. Thank you for your suggestions!

  • It could now be the original issue mentioned - content security policy. No problem, HTH.
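
The two causes discussed in this thread (mixed content, and a framing policy sent by the embedded site) can be told apart from the iframe URL and the response headers of the framed page. The sketch below is an added example, not part of the original thread or of any product mentioned in it; `diagnoseEmbed` and `sourceAllows` are hypothetical names, and all hostnames and header values used with it are constructed.

```javascript
// Added example (not from the thread). Hostnames and header values are constructed.
// Simplifications: one level of framing, ports ignored, header names lowercased.

// Does one frame-ancestors source expression allow the embedding page?
function sourceAllows(src, parent, frame) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === "*") return true;
  if (s === "'self'") return parent.origin === frame.origin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return s === parent.protocol; // e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/.exec(s);
  if (!m) return false;
  if (m[1] && m[1] + ":" !== parent.protocol) return false;
  const host = parent.hostname;
  return m[2] ? host.endsWith("." + m[3]) : host === m[3];
}

// Returns the list of reasons a browser would refuse to render the frame.
function diagnoseEmbed(parentUrl, frameUrl, headers) {
  const parent = new URL(parentUrl);
  const frame = new URL(frameUrl);
  const reasons = [];

  // Mixed content: an HTTPS page may not load a frame over plain HTTP.
  if (parent.protocol === "https:" && frame.protocol === "http:") {
    reasons.push("mixed-content");
  }

  // Framing policy sent by the embedded site. When CSP frame-ancestors is
  // present, browsers ignore X-Frame-Options.
  const directive = (headers["content-security-policy"] || "")
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    const ok = directive.slice(1).some((s) => sourceAllows(s, parent, frame));
    if (!ok) reasons.push("csp-frame-ancestors");
  } else if (headers["x-frame-options"]) {
    const xfo = headers["x-frame-options"].trim().toUpperCase();
    const sameOrigin = parent.origin === frame.origin;
    if (xfo === "DENY" || (xfo === "SAMEORIGIN" && !sameOrigin)) {
      reasons.push("x-frame-options");
    }
  }
  return reasons;
}
```

An empty result means neither check objects; the headers passed in would come from the Network tab of the browser developer tools for the framed request.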