<iframe src="//myserver.com.au/ords/f?p=SAGE:1023:&SESSION."></iframe>
Just recently I did just that and came across an error I expected to see, but I was a little curious as to how it presented itself.
Refused to display '//myserver.com.au/ords/f?p=SAGE:1023:30559832045078' in a frame because it set 'X-Frame-Options' to 'DENY'.
Googling the last half of the message returns some interesting discussions on how this works from a web technology perspective:
http://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe
The idea is that the X-Frame-Options header protects against clickjacking. APEX sets it through an application security attribute, "Embed in Frames". Allowing embedding from the same origin defers trust to the hosting server.
You might need to adjust this for scenarios such as:
- modal dialog plugins
- embedding an APEX page as a region within another page
- attempting multiple IR per page prior to APEX 5
- APEX page embedded within a Portal
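To see how each header value plays out for the scenarios above, here is an added example (not code from the original post or from APEX) that models a browser's X-Frame-Options decision for a framed page. The function names, the https scheme and the portal.example origin are assumptions for illustration, and a Content-Security-Policy frame-ancestors directive, which browsers consult in preference to this header, is not modelled.

```javascript
// Added example: would a browser render this framed response, judging only by
// its X-Frame-Options header and the origins of the pages framing it?
// parseXfo, frameAllowed and the sample origins are names made up for this sketch.

// Split the raw header value on commas and normalise to a lowercase set.
function parseXfo(rawValue) {
  if (rawValue == null) return new Set();
  return new Set(
    String(rawValue).split(",").map((v) => v.trim().toLowerCase()).filter(Boolean)
  );
}

// framedUrl: the page inside the iframe.
// ancestorUrls: the embedding page, then its parent, up to the top window.
function frameAllowed(rawValue, framedUrl, ancestorUrls) {
  const values = parseXfo(rawValue);
  if (values.size === 0) return { allowed: true, reason: "no X-Frame-Options header" };
  if (values.size > 1) {
    // Several values: any recognised one makes the browser fail closed.
    const conflict = ["deny", "sameorigin", "allowall"].some((k) => values.has(k));
    return conflict
      ? { allowed: false, reason: "multiple conflicting values" }
      : { allowed: true, reason: "unrecognised values are ignored" };
  }
  const [value] = values;
  if (value === "deny") return { allowed: false, reason: "DENY" };
  if (value === "sameorigin") {
    // Every ancestor must share the framed page's origin, not just the direct parent.
    const target = new URL(framedUrl).origin;
    const foreign = ancestorUrls.find((u) => new URL(u).origin !== target);
    return foreign
      ? { allowed: false, reason: `SAMEORIGIN, but ${new URL(foreign).origin} differs` }
      : { allowed: true, reason: "SAMEORIGIN and every ancestor matches" };
  }
  // Anything else, including the obsolete ALLOW-FROM, is not enforced by current browsers.
  return { allowed: true, reason: `"${value}" is not enforced` };
}

// Constructed sample input: the page from the error message, framed two ways.
const framed = "https://myserver.com.au/ords/f?p=SAGE:1023:30559832045078";
const sameParent = "https://myserver.com.au/ords/f?p=SAGE:1:30559832045078";
const portal = "https://portal.example/home";
for (const [header, chain] of [["DENY", [sameParent]], ["SAMEORIGIN", [sameParent]],
                               ["SAMEORIGIN", [sameParent, portal]]]) {
  console.log(header, chain.length, JSON.stringify(frameAllowed(header, framed, chain)));
}
```

The third sample is the portal case: SAMEORIGIN still blocks the page once any ancestor in the chain sits on a different origin.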
Dan McGhan explains the properties in more depth:
http://www.danielmcghan.us/2011/08/new-browser-security-attributes-in-apex.html
Current APEX 5 documentation:
http://docs.oracle.com/cd/E59726_01/doc.50/e39147/bldr_attr.htm#HTMDB29922
though I'm pretty sure the setting was introduced in 4.1.
Scott
 

 
3 comments:
Thank you!!!
It worked for me :)
Is there any solution that works with ORDS? My APEX does not have the option; it just has a "box" for HTTP Response for writing code.
I'm not sure, I haven't looked at this for a while. What version APEX/ORDS are you on?