- I want to embed an ownCloud folder in an iframe.
- Even changing the option X-Frame-Options in the .htaccess file doesn't solve the problem; it keeps giving me an X-Frame-Options Sameorigin error.

Expected behaviour
After changing the option Header set X-Frame-Options to "ALLOW-FROM http://display-website.de/", it is still not "allowing" this domain, or not making any change at all.

Actual behaviour
I can't see the iframe in http://display-website.de/; it throws me an error:
Refused to display 'https://media.display-website.de/index.php/apps/files/' in a frame because it set 'X-Frame-Options' to 'Sameorigin'.

Server configuration
Operating system: N/A
Web server: Apache (Version N/A)
Database: MYSQL
PHP version: 7.0 (CGI)
ownCloud version: ownCloud 9.1.0 (stable)
Updated from an older ownCloud or fresh install: fresh install
ownCloud log: this error is not displayed in the log

Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): server-side encryption

Integrity status for oC9+

Technical information
- core
		- .htaccess
Raw output
    [core] => Array
            [INVALID_HASH] => Array
                    [.htaccess] => Array
                            [expected] => ab5f4c44ba2f9c66f2ed25c3ad3d84660b2808cca11ffa8fe2778a648a054d8ada495a0bf4715dc873aac1efe8dfd92a72f9a24441d8f5240834e639325fd892
                            [current] => 5b86ad1ddee7a09ab9d7e52ef8f00e67d563fb1e55121e7538f9be80baa1cb8fa43f2e62707502627b1816c3aaf0866194c97a6c5500903535b05b28cf85a7b7


Thanks to everybody who read this far :slight_smile:

You can search through the code of oC for that "same origin" thingy. I think that will be set somewhere in the code by default.

Did it already... same result... there is something that I'm missing :pensive:


Yes! I was just going to put an answer here. I found this 20 minutes ago, and it's exactly this file!

Thank you so much for your help :slight_smile:


1/ Will I be able to embed an ownCloud server if it is hosted in a subdomain, when the website doing the embedding is in another subdomain but with the same domain name (e.g. can I embed owncloud.mywebsite2344234234.com in test.mywebsite2344234234.com without having an issue with the sameorigin restriction?)

If not

2/ Can I embed ownCloud in only one website (with one specific domain name, so that no other website will be able to embed it), and how?

Thanks for your answers…

In the meantime there is a CORS function in ownCloud. You do need to enter the URL and that will be an exception to the CSP rule. https://doc.owncloud.com/server/admin_manual/configuration/server/config_sample_php_parameters.html
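
Added example, not part of the thread and not ownCloud code: a simplified Python model of how current browsers decide whether a response may be framed, covering the `X-Frame-Options` values discussed above and the CSP `frame-ancestors` directive. It shows why two subdomains of one domain still fail `SAMEORIGIN`, why `ALLOW-FROM` restricts nothing in current browsers, and how a single-origin `frame-ancestors` list limits embedding to one site. The function names and sample headers are constructed for this example, and only the direct parent frame is checked.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return the (scheme, host, port) tuple browsers compare as the origin."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))

def source_matches(source, parent, framed):
    """Match one frame-ancestors source against the embedding page's origin."""
    if source == "'none'":
        return False
    if source == "'self'":
        return parent == framed
    if source == "*":
        return True
    has_scheme = "://" in source
    s = urlsplit(source if has_scheme else "//" + source)
    if has_scheme and s.scheme.lower() != parent[0]:
        return False
    host = (s.hostname or "").lower()
    if host.startswith("*."):
        host_ok = parent[1].endswith(host[1:])  # "*.a.com" does not match "a.com"
    else:
        host_ok = parent[1] == host
    return host_ok and (s.port or DEFAULT_PORTS.get(parent[0])) == parent[2]

def framing_allowed(headers, framed_url, parent_url):
    """Would a current browser render framed_url inside a page at parent_url?"""
    h = {k.lower(): v for k, v in headers.items()}
    framed, parent = origin(framed_url), origin(parent_url)
    # CSP frame-ancestors, when present, is enforced instead of X-Frame-Options.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return any(source_matches(s, parent, framed) for s in parts[1:])
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False
    if xfo == "sameorigin":
        return parent == framed
    # Absent, ALLOW-FROM or unknown: current browsers apply no framing restriction.
    return True

# Constructed sample data using the host names from the thread.
FILES_URL = "https://media.display-website.de/index.php/apps/files/"
PARENT = "http://display-website.de/"
print(framing_allowed({"X-Frame-Options": "Sameorigin"}, FILES_URL, PARENT))
```

Running the same check against the headers a server actually returns shows which of the two headers is deciding the outcome before any configuration file is edited.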