Hi everyone,
I am developing an external web application where I need to embed the M-Files Web Access (vNext) inside an <iframe>. Our vault is hosted on the M-Files Cloud (via a partner, ADMS).
I am currently facing security blocks preventing the iframe from loading. When trying to load the vault URL (https://adms.mfs.cloud/...) inside my iframe, I get the following error in the browser console: Refused to display '...' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
My Setup:
-
Host Page: A simple HTML page running on
localhost(for dev) and eventually a specific domain. -
Target: M-Files Cloud Web Access.
The Issue: Since this is a Cloud environment, I do not have access to the IIS settings to remove the X-Frame-Options header or configure the Content Security Policy (CSP) manually.
My Questions:
-
Is there a specific setting within M-Files Admin (Configurations > Advanced Vault Settings) where I can configure the allowed
Frame-Ancestorsor whitelist my domain for iframe embedding? -
If this must be done by the Cloud Service Provider (ADMS in my case), what is the specific technical request I should make? Is it a change in the
appsettings.json, a specific registry key, or an IIS configuration on their end?
Thanks in advance!
