OfficeDocs-Support icon indicating copy to clipboard operation
OfficeDocs-Support copied to clipboard

Published 20 hours ago verified publisher icon MicrosoftDocs

Solution

Open lightupdifire opened this issue 3 years ago • 8 comments

Hello,

This doesn't sound a solution, we face this issue, but how to solve it?

Solution This issue occurs when one of the following conditions is true:

You're displaying SharePoint Online pages on an external site through an iframe.

You're displaying SharePoint Online pages on a SharePoint Online site that uses a different domain through an iframe.

Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

lightupdifire avatar Mar 12 '21 08:03 lightupdifire

Hello, Maybe some one can help for this, we are trying to load the SharePoint Online document in iframe like this in angular page:

Error:

Refused to frame '<URL>' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.stream.azure-test.net *.microsoftstream.com".

lightupdifire avatar Mar 12 '21 09:03 lightupdifire

I agree, this is not a solution.

josh-yeager avatar Mar 23 '21 17:03 josh-yeager

Hello @lightupdifire ,

Thanks for your feedback.

Due to security reasons (To avoid Iframe based web attacks), you cannot add a Sharepoint online page in an iframe in any external website.

The document explains what are the possible reasons for the Issue. May be we will update the word "Solution" to "Reason"

Will keep you posted once its updated.

nk-gears avatar Jun 05 '21 15:06 nk-gears

In SharePoint, you are able to embed PowerPoint, Excel, Word and Visio files externally in an iframe without any restrictions.

However, you cannot embed any other file externally. Although, you are able to embed images, audio and video externally with OneDrive Personal. So why the restriction with SharePoint? At least offer the ability for SharePoint administrators to add their domains to the CSP directive.

r-a-y avatar Jun 05 '21 19:06 r-a-y

This is an old article that will be retired. Please check this one instead to see if it helps you: https://support.microsoft.com/en-us/office/allow-or-restrict-the-ability-to-embed-content-on-sharepoint-pages-e7baf83f-09d0-4bd1-9058-4aa483ee137b

jlriesco avatar Jun 16 '21 16:06 jlriesco

Jose, that link doesn't work. It seems to just point to "url". What URL should we check for the new article?

Thanks, Josh

josh-yeager avatar Jun 16 '21 16:06 josh-yeager

@josh-yeager Sorry, I've updated the URL with the right one. It should work now. Please try again.

jlriesco avatar Jun 16 '21 17:06 jlriesco

Thanks, that worked! I read the new article, it makes sense. Unfortunately, it doesn't resolve this issue. It clearly explains the settings that SharePoint offers to allow administrators to control content embedded inside SharePoint.

But what we need is to embed SharePoint pages in other applications. For example, to show a SharePoint folder in an iframe inside a task management tool. We need a setting in SharePoint to make a list of domains that are allowed to embed SharePoint in iframes. Does that make sense?

josh-yeager avatar Jun 16 '21 17:06 josh-yeager