Technology Blog Posts by SAP
cancel
Showing results for 
Search instead for 
Did you mean: 
quovadis
Product and Topic Expert
Product and Topic Expert
1,491

How to embed SWZ portal into an iFrame? Where to insert my embedding domain into the list of SWZ trusted domains?

When trying to embed the entire SWZ portal into an iFrame I get the following error:

Refused to frame 'https://btp-tenant.workzone.cfapps.eu10.hana.ondemand.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://teams.microsoft.com https://btp-tenant.cpp.cfapps.eu10.hana.ondemand.com https://btp-tenant.launchpad.cfapps.eu10.hana.ondemand.com https://btp-tenant.workzone.cfapps.eu10.hana.ondemand.com https://btp-tenant.workzonehr.cfapps.eu10.hana.ondemand.com https://btp-tenant.mobile.workzone.cfapps.eu10.hana.ondemand.com https://btp-tenant.mobile.workzonehr.cfapps.eu10.hana.ondemand.com".

The list in the frame-ancestors is a list of SWZ trusted domains. Thus, for instance, I can embed the same SWZ portal into MS Teams. This works because https://teams.microsoft.com is already on the trusted domains list above.

Worth mentioning, this is a different trusted domain list from the list of the trusted domains maintained in SWZ's SAP IAS. The latter is used when embedding 3rd party content into SWZ.

Q. So the question is how do I get added any custom domain to the list of trusted domains to embed SWZ into?

 
A. Eventually I figured out how to do it with either SAP Workzone edition, namely free/standard and advanced.

You have to edit the list of relevant security headers in the site manager settings as depicted in the screenshot below. Then you can embed SWZ in your website;

SWZ-embed.png

 Voila; that's it.

quovadis_0-1714069918233.png
PS.

The following links were helpful:

https://help.sap.com/docs/build-work-zone-standard-edition/sap-build-work-zone-standard-edition/security

https://help.sap.com/docs/build-work-zone-standard-edition/sap-build-work-zone-standard-edition/using-security-headers

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
1 Comment