Skip to main content

*** Archive *** x-frame error when embedding a KTA form into an iFrame

Article # 301902 - Page views: 389




When displaying a KTA form in an iFrame I get the following error;
    Refused to display xxx in a frame because it set 'x-frame-options' to 'sameorigin'


By default KTA forms are setup so they cannot be embedded in any applications apart from KTA. However, this can be changed.

Locate the below line in the web.config
    <add name="X-Frame-Options" value="SAMEORIGIN" />

Change this to below where hostname is the web server of the application accessing the KTA form
    <add name="X-Frame-Options" value="ALLOW-FROM http://hostname" />

Do not set the "X-Frame-Options" to be "AllowAll" as this can lead to a security risk called ClickJacking

Keywords: iframe, form, x-frame, web.config, X-Frame-Options, SAMEORIGIN, embedded, ALLOW-FROM