Implement iFrame on Nextcloud 24

I would like to use an iFrame on my Nextcloud which is pointing to the web front-end of my Mesh-Central VM. I was able to create an iFrame on NC but I cannot open it; Firefox is showing an error message that it cannot show this embedded site.

I saw several guides and posts for that but it seems they all won't work on NC24.

e.g. SOLVED: Nextcloud 16 - How to allow iFrame usage - #15 by dtownes

Can someone tell me how to achieve that?

Hi,

I was struggling with this topic as well and wanted to share how I made it work eventually with my NC24. The issue for me was that my apache configuration somehow got quite messy and multiple directives contradicted each other. There are the “core” apache config files that you usually find in /etc/apache2/, the .htaccess files that can be stored in your /var/www/ folders and then there are the nextcloud directives in several configuration .php files (e.g. /var/www/nextcloud/lib/public/AppFramework/Http/ContentSecurityPolicy.php).

From my understanding ideally you want to end up with

Header always set X-Frame-Options "SAMEORIGIN"
# Host sources are written without quotes; only keywords such as 'self' are quoted
Header set Content-Security-Policy "frame-ancestors 'self' your_domain_name;"

In the standard case (meaning that the config files do not contradict each other in a weird way because you might have fiddled around with them too much, as was the case for me) you can achieve this by simply modifying your “/var/www/nextcloud/lib/public/AppFramework/Http/ContentSecurityPolicy.php” file and adding the domain you want to access your nextcloud from to the allowedFrameAncestors list.

protected $allowedFrameAncestors = [
        '\'self\'',
        'your_domain_name',
];

In my case I had a

Header unset Content-Security-Policy

somewhere so that this didn’t have an effect initially.

I guess the bottom line is: you might just want to check that your config files are not contradicting each other.

Hope this helps someone.

Cheers
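A way to check for the contradiction described in the post above, as an added example that is not part of the original thread: it evaluates the framing headers a server returns the way current browsers do (X-Frame-Options is ignored once any policy carries frame-ancestors, and every Content-Security-Policy header must allow the parent). The domains and function names are assumptions, and source matching is simplified.

```python
from urllib.parse import urlsplit

def frame_ancestors(policy):
    """Source list of the frame-ancestors directive in one policy, or None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None

def source_matches(source, parent, own):
    """Simplified: '*', 'self', [scheme://]host and *.host; ports and paths are ignored."""
    if source == "*" or (source == "'self'" and parent == own):
        return True
    if source.startswith("'"):  # 'none', or a host wrongly put in quotes: matches nothing
        return False
    p = urlsplit(parent)
    scheme, _, host = source.rpartition("://")
    if scheme and scheme != p.scheme:
        return False
    host = host.split("/")[0].split(":")[0]
    return p.hostname.endswith(host[1:]) if host.startswith("*.") else p.hostname == host

def framing_allowed(headers, parent, own):
    """headers: (name, value) pairs as the framed server sends them. Returns (allowed, reason)."""
    policies = [p for n, v in headers if n.lower() == "content-security-policy"
                for p in v.split(",")]
    lists = [s for s in map(frame_ancestors, policies) if s is not None]
    if lists:  # frame-ancestors present: X-Frame-Options is ignored, every policy must allow
        for sources in lists:
            if not any(source_matches(s, parent, own) for s in sources):
                return False, "frame-ancestors " + " ".join(sources)
        return True, "frame-ancestors"
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    if "DENY" in xfo or ("SAMEORIGIN" in xfo and parent != own):
        return False, "X-Frame-Options"
    return True, "no restriction"

# Constructed sample values (placeholder domains, not taken from the thread)
OWN, PARENT = "https://cloud.example.org", "https://portal.example.org"
XFO = ("X-Frame-Options", "SAMEORIGIN")
CASES = {
    "intended": [XFO, ("Content-Security-Policy", "frame-ancestors 'self' portal.example.org;")],
    "csp unset": [XFO],
    "quoted host": [XFO, ("Content-Security-Policy", "frame-ancestors 'self' 'portal.example.org';")],
    "two policies": [("Content-Security-Policy", "frame-ancestors 'self'"),
                     ("Content-Security-Policy", "frame-ancestors 'self' portal.example.org")],
}
if __name__ == "__main__":
    print({name: framing_allowed(h, PARENT, OWN) for name, h in CASES.items()})
```

To use it on a real installation, feed it the header pairs from a saved response of the framed server instead of the constructed cases.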

Thank you Jayb! This helped for sure, also on Nextcloud 26.

@jayb can you be more specific about which files you had to edit and how? Which file in /etc/apache2/? What did you change in the .htaccess file in the /var/www/ folder? And what line or lines in /var/www/nextcloud/lib/public/AppFramework/Http/ContentSecurityPolicy.php?

In which file is the following text located?
Header always set X-Frame-Options "SAMEORIGIN"
Header set Content-Security-Policy "frame-ancestors 'self' your_domain_name;"

Thanks