umbraco form refused to display. x-frame-options same origin
hi everyone
During the past couple of weeks, i have been trying to update our Umbraco installation from 7.1.8 to 7.5.6.
i have been using the upgrading manuals/guides on our to do this manually.
All in all this seems like i finally got the site up and running as the 7.5.6 version. on the old version 7.1.8. we used forms v.4.00 and this i have now upgraded to v4.4 and this also seems like everything is working.
however i have one problem.
we have some forms that is not rendering in the frontend anymore. in the console it says 'Refused to display 'example.com' in a frame because it se 'X-frame-options' to 'SAMEORIGIN'
about the form implementation in the backoffice:
the form is inserted in a rte as macro, this is published and the url is used to be displayed in an iframe in xslt. im not sure if this the problem, as i have no experience with xslt.
i have tried all sorts of solutions, provided by this forum and stackoverflow, editing web.config to allow sameorigin in custom headers section or allow a specific domain. tried adding to umbracoSettings.config.
also tried adding 'iframe[src|align|frameborder|height|width|name],' to tinyMceConfig.config. all seems to have no effect and i all out of ideas now.
ill paste the xslt code here. <xsl:when test="@nodeTypeAlias = 'ExamplecomLandingPageFormIntegration'">
<section class="content">
<div class="container">
<iframe src="{urlToUmbracoForm}" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" width="100%" height="{iframeHeight}" style="border: 0;"></iframe>
</div>
</section>
</xsl:when>
i tried adding the sandbox element to this as well, this had no effect either.
i dont understand why this does not work in the new updated versions of umbraco and forms. hope someone can enligten me on this.
extra information.
our umbraco website code is integrated with another site, where the url to the umbraco documents is tied together. (i only developing in the umbraco site, so sadly i dont know much about the "backend site")
basic our site is named example.com and the backend site is named shop.example.com.
and then we have a mirrored development site named: testexample.com and the backend site is: developexample.com
the form is then added as landing page like this 'shop.example.com/landingpagewithform' where the form should be rendered.
a wierd thing i found out was that if provided a url for the wrong umbraco installation, for example in the shop.example.com is connected to example.com, but if the url on the form pointed to testexample.com that actually works and the form is rendered. mindblowing! but using forms from totally different umbraco installation does not 'seem legit' so to speak.
i have found a solution to the problem.
In the /Views/Partials/Forms/ there i found form.cshtml in here i remvoed the @Html.AntiForgeryToken() line.
and suddenly the form is rendered without the x-frame-options refused to display error.
this is probably not secure or 'best practice'. but right now it seems part of the problem for me, when upgrading from forms 4.0 to 4.4.
umbraco form refused to display. x-frame-options same origin
hi everyone During the past couple of weeks, i have been trying to update our Umbraco installation from 7.1.8 to 7.5.6. i have been using the upgrading manuals/guides on our to do this manually. All in all this seems like i finally got the site up and running as the 7.5.6 version. on the old version 7.1.8. we used forms v.4.00 and this i have now upgraded to v4.4 and this also seems like everything is working.
however i have one problem. we have some forms that is not rendering in the frontend anymore. in the console it says 'Refused to display 'example.com' in a frame because it se 'X-frame-options' to 'SAMEORIGIN'
about the form implementation in the backoffice: the form is inserted in a rte as macro, this is published and the url is used to be displayed in an iframe in xslt. im not sure if this the problem, as i have no experience with xslt.
i have tried all sorts of solutions, provided by this forum and stackoverflow, editing web.config to allow sameorigin in custom headers section or allow a specific domain. tried adding to umbracoSettings.config. also tried adding 'iframe[src|align|frameborder|height|width|name],' to tinyMceConfig.config. all seems to have no effect and i all out of ideas now.
ill paste the xslt code here.
<xsl:when test="@nodeTypeAlias = 'ExamplecomLandingPageFormIntegration'"> <section class="content"> <div class="container"> <iframe src="{urlToUmbracoForm}" sandbox="allow-same-origin allow-scripts allow-popups allow-forms" width="100%" height="{iframeHeight}" style="border: 0;"></iframe> </div> </section> </xsl:when>i tried adding the sandbox element to this as well, this had no effect either.i dont understand why this does not work in the new updated versions of umbraco and forms. hope someone can enligten me on this.
extra information. our umbraco website code is integrated with another site, where the url to the umbraco documents is tied together. (i only developing in the umbraco site, so sadly i dont know much about the "backend site") basic our site is named example.com and the backend site is named shop.example.com.
and then we have a mirrored development site named: testexample.com and the backend site is: developexample.com
the form is then added as landing page like this 'shop.example.com/landingpagewithform' where the form should be rendered.
a wierd thing i found out was that if provided a url for the wrong umbraco installation, for example in the shop.example.com is connected to example.com, but if the url on the form pointed to testexample.com that actually works and the form is rendered. mindblowing! but using forms from totally different umbraco installation does not 'seem legit' so to speak.
i have found a solution to the problem. In the /Views/Partials/Forms/ there i found form.cshtml in here i remvoed the @Html.AntiForgeryToken() line. and suddenly the form is rendered without the x-frame-options refused to display error.
this is probably not secure or 'best practice'. but right now it seems part of the problem for me, when upgrading from forms 4.0 to 4.4.
Hi,
Did you find a better solution about it? I have experiece the same problem.
is working on a reply...