- After a runtime filter is selected on running a report on Microsoft Edge the following error appears:
"This content can't be shown in a frame"
- When creating a new query in Report Canvas (Advanced Reporting or Detailed Reporting) the List query designer only shows a blank white screen. This only happens when using Microsoft Edge browser.
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
- SAP SuccessFactors HCM Suite
- Report Canvas
There is a compatibility issue with Microsoft Edge and the WFA framework (Report Canvas is a tool from WFA) . The defect in Edge, strips the content WFA uses to evaluate how 'X-Frame-Options' and 'Content-Security-Policy' headers are set. So, missing content causes incorrectly setting 'SAMEORIGIN' value for iFrames - where as the expected behavior is having ALLOW-FROM parent origin as in set correctly other browsers- Eventually, iFrame becomes more restricted than necessary and blocking user to render the content.
Shortly, a defect in Edge when combined with security logic top prevent ClikJacking results a complete blockage.
There are two options to adress this behavior:
- Either use other browsers like Internet Explorer, Firefox, Chrome, but not Edge until this problem is addressed.
As stated in the Help Portal Guide
Supported Desktop Browsers for SAP SuccessFactors
Microsoft Edge is not recommended for users of the Workforce Analytics, Strategic Workforce Planning and Online Report Designer products. For these products, we recommend the other browsers listed. We cannot guarantee fixes for Edge defects specific to these products.
- Or you can disable ClickJacking until Edge issue gets resolved, referring to risk assessment provided by security engineering.
Disabling the protection is one of the option. You can calculate the CVSS score for Clickjacking vulnerability in the website Security Evaluation; The score is 6.1 which is a medium issue. The CVSS is the common risk rating system we used to communicate internal as well as external.
Report center - Edge - Runtime filter - This content can't be shown in a frame, Microsoft Edge blank screen, new query, blank screen, white screen , KBA , this content can't be shown in a frame , LOD-SF-ANA-ORD , Online Report Designer , LOD-SF-ANA-ADV , Advanced Reporting (ODS) , Problem