SAP Knowledge Base Article - Public

2144656 - Unable to configure iframe on the Home page Tile - Platform

Symptom

Question: 

  1. How do we configure iframe on the Welcome Portlet?
  2. We receive an error the following when trying to customize the tile in the Home Page and preview it:

The requested operation is not available. This problem is due to the following reason(s): You are not authorized to access the functionality you have requested”

  1. How can I add an iframe code :

<iframe height="200px" src=“http://www.google.com" width="200px"></iframe>

Overview:

  1. Click on the Edit/Wheel icon under the Welcome Portlet:
    iframe1.jpg
  2. Insert the iframe:

​​iframe2.jpg

iframe3.jpg

 

4. We receive an error while previewing:
iFrame4.jpg

 

5. Now click on the home page the welcome tile is showing blank or an error on it:

iframe5.jpg

Environment

  • Platform

Resolution

 
  • From what we know, Google landing page disabled iframe. "Google is sending an "X-Frame-Options: SAMEORIGIN" response header.
  • This option prevents the browser from displaying iframe that are not hosted on the same domain as the parent page."
  • google.com isn't an iframe-able domain
  • Another point to note is, customers are inside BizX, so they are under https. Within https, iframe has to be https.
  • This is standard web browser security. Security site with https will not allow non-security content to be displayed inside.
  • Some browsers (IEs) might give you a warning message "content not security" if you try to display any http content inside https domain. Others browsers will just leave it empty.
  • Check if your BizX instance has the "Sanitize all rich text inputs" checkbox checked, in the "Company System and Logo Settings" under Admin Tools page.
  • If so, then that would explain why the "<iframe>" tag is being removed.
  • If they you want to use an "<iframe>" tag, then you would need to have the "Sanitize all rich text inputs" checkbox not be checked.
  • By having the "Sanitize all rich text inputs" checkbox not be checked, you are essentially saying that you will trust your admin users to not put in malicious HTML into rich text input fields; so it would be the responsibility of your admins to be careful about what they put into the rich text input fields.

 

  • Our SuccessFactors default domain is the best example here because it is https, and also an iframe-able domain. You can try below iframe and test it out in source code:

<iframe height="800" width="600" src="https://www.successfactors.com" ></iframe>

  • If you encounter the system does not allow inputting iframe even when we configure it to display https content, please open a support case and provide us with an iframe code with https content which you are not able to configure within the Welcome portlet in Home Page.

Additional Information:

  • BizX will never allow “http” connection in the Welcome portlet or any other portlet. However, all "https" connection websites can be configured.
  • Only these https allowed to be iframe-able will be able to work. (e.g.: no google.)
  • It is not BizX that is mandating that only https URLs will work; instead, it is standard web security that is built into browser which mandates this. In other words, it is outside the control of BizX w.r.t. being able to support http URLs.

Keywords

KBA , LOD-SF-PLT , Foundational Capabilities & Tools , How To

Product

SAP SuccessFactors HCM Core all versions