So I've just made a perspective view that has an iframe. In the designer the web pages show up, in Firefox v105.0.1 they show up and in Edge Version 106.0.1370.42 they show up but in Chrome Version 105.0.5195.127 the iframe is not showing up. Just listing the version numbers in case someone asks, these are all the current versions as of today. This is in windows 10 Pro.
The first couple of pages have some suggestions like changing the internet settings and downloading chrome extensions but none of that has had any effect.
Has anyone had this problem before and found a way to fix it?
iframe has various security settings across different browsers, what is in de iframe? something you(r company) owns and has control over?
Sure. But for example what/where are those security settings and what might they be changed to to help.
The content of the iframe is the webserver from a "Smart Relay" by Idec.
The webserver is only capable of serving http. I tried changing the "referrerPolicy" in the Ignition Designer but that also does not seem to have any effect. I've also messed with the windows security policy specifically the iframe setting, no effect.
The problem seems to be localized to chrome but I haven't found any specific info about what to change or update.
Any time you use an IFrame that is on a different host from your gateway, you trigger a rat's nest of security rules. "Content Security Policy" being the most significant. The most reliable way to solve this problem is to put Ignition and the other content behind a reverse proxy, like nginx or Apache. That will simultaneously allow wrapping of that HTTP-only content in HTTPS.
1 Like
Hi, are you able to elaborate on your comment in this post about putting Ignition behind a reverse proxy? I have some TVs that that I would like to run a custom web application on, and within that web application I want to display an iFrame to an Ignition Perspective page, but it fails due to x_frame_options.
I got around that by enabling HTTPs and adding these to my ignition.conf file
wrapper.java.additional.2=-Dignition.http.header.x_frame_options.enabled=false
wrapper.java.additional.3=-Dignition.http.session.cookie.same-site.value=None
wrapper.java.additional.4=-Dignition.http.session.cookie.same-site.enabled=true
however now I have an issue where my certificate can't be installed onto the TV 
Would putting Ignition behind a reverse proxy allow me to use HTTP from my TV and embed Ignition into an iFrame?
Unrelated. Whatever you use as a reverse proxy would need to have a certificate acceptable to the TV. Communications between the proxy and the proxied sites are independent of the TV's requirements.
There's no way to have the communication between the TV and the reverse proxy as HTTP traffic, and between the proxy and Ignition as HTTPs (if required)? Essentially what I really want/need is a way to allow my web page to display a Perspective page in an iFrame without having to use HTTPS
I've been trying to get this to work for days I can get my Perspective page to load properly through an NGINX reverse proxy when it's not in an iFrame, but when it's in an iFrame it gets stuck on the authenticating screen and is giving errors in the console about the web socket connection. I believe it's because the JSESSIONID cookie isn't being sent along with the request, but I can't for the life of me figure out how to get it to work. I've tried injecting that cookie in the reverse proxy, but no luck. Anybody that has any expertise in this I would greatly appreciate the help...please