none
After changing settings in IIS -SharePoint's few modal pages are not working in chrome RRS feed

  • Question

  • Hi All, 

    Currently we implemented below in IIS for clickjacking: We added allow-from *.ABC.Sg at IIS level in Xframe header options.

    Now in Chrome browser, As few of the Sharepoint pages were not working, we have added "<WebPartPages:AllowFraming runat="server"></WebPartPages:AllowFraming>"

    Few pages worked with above line but pages like chcekin.aspx, Upload.aspx are not working with this approach. Please suggest if anyone faced this issue and if can find a workaround  . When we try to check in any document after check in pop up is done, it shows following pop up. Same with upload.aspx page

    

    Thursday, November 14, 2019 6:35 AM

All replies

  • Hi,

    In SharePoint 2013 server, you can go to "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\template\layouts" find the the checkin.aspx and upload.aspx files and add the following line of code in page.

    <WebPartPages:AllowFraming runat="server"></WebPartPages:AllowFraming>"

    SharePoint and iFrames (This content cannot be displayed in a frame)

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, November 15, 2019 2:55 AM
    Moderator
  • I added above line but it did not resolve the issue.
    Tuesday, November 19, 2019 3:19 AM
  • Hi,

    Please add the above line into the master page to check if it works.

    Best regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, November 20, 2019 9:41 AM
    Moderator
  • Unfortunately we cant add above line in master page as there are more than 50 site collections . Few of the subsites have broken inheritance. Thats why master page option cant be opt out. I think setting X-frame option to "SameOrigin" will not give any issue and resolve clickjacking problem. But we have some SP-Apps on home page those are breaking because of sameorigin option. Can you suggest any solution for that? Refer below screenshot:

    Tuesday, November 26, 2019 6:35 AM
  • Hi,

    We can create a farm solution to achieve it.

    Source code is here: mAdcOW.AllowFraming

    More information:

    How to use a good old farm solution to solve the SharePoint 2013 not allowed in an iframe preview issue

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Wednesday, November 27, 2019 8:41 AM
    Moderator
  • But then clickjacking problem still will be there for which we are changing the X frame options at IIS
    Tuesday, December 3, 2019 2:13 AM