Embed Nextcloud 17 (ubuntu) as an iframe on a wordpress site

Embed Nextcloud 17 (ubuntu) as an iframe on a wordpress site

error: hat Sie zu oft weiter geleitet

< iframe src=“https://…/login” name=“Cloud” width=“95%” height=“100”>Ihr Browser kann leider keine eingebetteten Frames anzeigen:
Sie können die eingebettete Seite über den folgenden
Verweis aufrufen:


Have you seen this nice little search function in the upper right corner of the screen? It allows to find answers on questions which have already been answered, e.g.

I have made the changes described above including the response.php file on Nextcloud 18.0.1. Unfortunately without success.
I want to display a shared folder of Nextcloud within Joomla in an iframe.
I also changed the .htaccess and httpd.conf. This also did not lead to the desired success.
Can you help me?

Current status:
Today it showed the header and footer in the iframe, but no files. After I connected with WebDav - the display with iFrame consequently didn’t work anymore. Then the error “Error: Redirection error” occurred again.
The URL of my test page is: scu.planet-danner.de
A pity.
Greeting Mida

Hello, everybody,
the iframe on another page works for me as long as nobody is logged in directly on the nextcloud page. Hm, I have always tested it from the same PC - maybe that’s the problem - but with different browsers. The behaviour is strange.
I hope that there will be a working solution.

What’s the Content-Security-Policy (et similia) header of your Nextcloud?

I ask because the defaults are not kind at all towards iframe inclusion:

sorry for late answering. Here is the .htaccess file content of my NextCloud root directory

<IfModule mod_headers.c>
<IfModule mod_setenvif.c>
<IfModule mod_fcgid.c>
SetEnvIfNoCase ^Authorization$ “(.+)” XAUTHORIZATION=$1
RequestHeader set XAuthorization %{XAUTHORIZATION}e env=XAUTHORIZATION
<IfModule mod_proxy_fcgi.c>
SetEnvIfNoCase Authorization “(.+)” HTTP_AUTHORIZATION=$1
<IfModule mod_env.c>

# Add security and privacy related headers
Header always set Referrer-Policy “no-referrer”
Header always set X-Content-Type-Options “nosniff”
Header always set X-Download-Options “noopen”
#Header always set X-Frame-Options “SAMEORIGIN”
Header always append X-Frame-Options “ALLOW-FROM=scu.planet-danner.de 4”
Header always set X-Permitted-Cross-Domain-Policies “none”
Header always set X-Robots-Tag “none”
Header always set X-XSS-Protection “1; mode=block”
SetEnv modHeadersAvailable true
# Add cache control for static resources
<FilesMatch “.(css|js|svg|gif)$”>
Header set Cache-Control “max-age=15778463”

# Let browsers cache WOFF files for a week:
<FilesMatch “.woff2?$”>
Header set Cache-Control “max-age=604800”
<IfModule mod_php7.c>
php_value mbstring.func_overload 0
php_value default_charset ‘UTF-8’
php_value output_buffering 0
<IfModule mod_env.c>
SetEnv htaccessWorking true
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} DavClnt
RewriteRule ^$ /remote.php/webdav/ [L,R=302]
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^.well-known/host-meta.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^.well-known/webfinger /public.php?service=webfinger [QSA,L]
RewriteRule ^.well-known/nodeinfo /public.php?service=nodeinfo [QSA,L]
RewriteRule ^.well-known/carddav /remote.php/dav/ [R=301,L]
RewriteRule ^.well-known/caldav /remote.php/dav/ [R=301,L]
RewriteRule ^remote/(.) remote.php [QSA,L]
RewriteRule ^(?:build|tests|config|lib|3rdparty|templates)/. - [R=404,L]
RewriteCond %{REQUEST_URI} !^/.well-known/(acme-challenge|pki-validation)/.*
RewriteRule ^(?:.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
<IfModule mod_mime.c>
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
<IfModule mod_dir.c>
DirectoryIndex index.php index.html
AddDefaultCharset utf-8
Options -Indexes
<IfModule pagespeed_module>
ModPagespeed Off

Can you show me an easy way to post code here?

start with ```pre and stop with ``` each on a line by themselves

thank you :slight_smile:

Hi @MiDa,

I’ve managed to do this when I put the domain of a page where I wanted to embed Nextcloud in the “allowedFrameAncestors” list of ContentSecurityPolicy.php. This is really ugly hack, but it works. Also, check with browser developer tools if there is no other policy that forbids the inclusion.

Thank you.
Unfortunately I could not try your tip. At the moment I’m trying to get NC20.0 running on Ubuntu 20.04 without errors. I will try your tip here :slight_smile:
Sorry for the late answer .

This does not work for me on nextcloud 20

@thoosogo You might have seen that this thread has already been marked as “solved”, therefore please OPEN A NEW THREAD with all required information about your environment, used software versions and a DETAILED DESCRIPTION what you plan to do, what you’ve already tried with which result, etc., etc.