Question
techmahindra
IN
Last activity: 6 Aug 2024 13:14 EDT
Embedding external Application in pega
Hi,
we are embedding external application under case's data in a section using iframes in html. But we are getting X-frame_options set to same origin , the external application in not loading.
we have tried adding x-frame-options in custom DSS httpresponseheader but still we are not able to load the external application.Also tried adding content security ploicy at applicatipon level to allow all external scripts but not able to load the external application in pega.
Kindly help us if any alternative or solution to resolve x-frame-options issue.
Also can anyone help us on how to bypass ssl handshake error ERR_CERT_AUTHORITY_INVALID?? do we have any script.
Thanks,
saikiran
Pegasystems Inc.
GB
@saikiranr0443 To address the issue of embedding an external application in Pega using iframes and encountering the X-Frame-Options set to same origin, you can try the following steps
1. **Custom Headers**: Ensure that you have correctly configured the X-Frame-Options header in your application server to allow the external application. This can be done by adding or modifying the custom headers in the DSS with the setting purpose as Http/ResponseHeaders.
2. **Content Security Policy (CSP)**: Make sure that the Frame-Ancestors directive in your CSP is configured correctly. You might need a stricter policy based on the pxDefaultSecured and update that directive as suggested.
3. **Cross-Site Request Forgery (CSRF) Settings**: Check if your application has CSRF settings enabled, as this can prevent your application from loading in an iframe.
Regarding the SSL handshake error ERR_CERT_AUTHORITY_INVALID, this typically occurs due to an invalid or self-signed SSL certificate. To bypass this error, you can try the following steps:
1. **Update SSL Certificate**: Ensure that the SSL certificate for the external application is valid and issued by a trusted Certificate Authority (CA).
2. **Browser Settings**: For development purposes, you can temporarily bypass the SSL error by adjusting your browser settings, but this is not recommended for production environments due to security risks.
@saikiranr0443 To address the issue of embedding an external application in Pega using iframes and encountering the X-Frame-Options set to same origin, you can try the following steps
1. **Custom Headers**: Ensure that you have correctly configured the X-Frame-Options header in your application server to allow the external application. This can be done by adding or modifying the custom headers in the DSS with the setting purpose as Http/ResponseHeaders.
2. **Content Security Policy (CSP)**: Make sure that the Frame-Ancestors directive in your CSP is configured correctly. You might need a stricter policy based on the pxDefaultSecured and update that directive as suggested.
3. **Cross-Site Request Forgery (CSRF) Settings**: Check if your application has CSRF settings enabled, as this can prevent your application from loading in an iframe.
Regarding the SSL handshake error ERR_CERT_AUTHORITY_INVALID, this typically occurs due to an invalid or self-signed SSL certificate. To bypass this error, you can try the following steps:
1. **Update SSL Certificate**: Ensure that the SSL certificate for the external application is valid and issued by a trusted Certificate Authority (CA).
2. **Browser Settings**: For development purposes, you can temporarily bypass the SSL error by adjusting your browser settings, but this is not recommended for production environments due to security risks.
3. **Script for Bypassing SSL**: There is no recommended script to bypass SSL handshake errors as it poses significant security risks. It is best to resolve the certificate issue directly.