Display the Web Portal in an iframe of a website from another domain

These instructions replace the allowInFrame attribute (in the WebPortal.config file), which has been deprecated.

By default, the Web Portal uses the HTTP Response Header X-Frame-Options: SAMEORIGIN. This prevents display of the Web Portal in an iframe of a website from another domain and has been implemented for security reasons.

To allow display of the Web Portal in an iframe of a website from another domain in a secure way:

  • Microsoft Internet Explorer does not support the HTTP Response Header Content-Security-Policy. It will use the X-Frame-Options header, which only supports one domain.
  • Most other browsers will use the header Content-Security-Policy, which supports multiple domains.