x-frame error when embedding a KTA form into an iFrame
Summary
13121
Problem
When displaying a KTA form in an iFrame I get the following error;
Refused to display xxx in a frame because it set 'x-frame-options' to 'sameorigin'
Solution
By default KTA forms are setup so they cannot be embedded in any applications apart from KTA. However, this can be changed.
Locate the below line in the web.config
<add name="X-Frame-Options" value="SAMEORIGIN" />
Change this to below where hostname is the web server of the application accessing the KTA form
<add name="X-Frame-Options" value="ALLOW-FROM http://hostname" />
Do not set the "X-Frame-Options" to be "AllowAll" as this can lead to a security risk called ClickJacking
Keywords: iframe, form, x-frame, web.config, X-Frame-Options, SAMEORIGIN, embedded, ALLOW-FROM