Embedding owncloud in a iframe

Issue
- I want to embed in a iframe an owncloud folder.
- Even changing the option X-Frame-Options in the htaccess file, doesn't solve the problem, keeps giving me an x-Frame-Options Sameorigin error.

Expected behaviour
After changing the option Header set X-Frame-Options to "ALLOW-FROM http://display-website.de/", still not "allowing" this domain, or not making any change at all.

Actual behaviour
I can't see the iframe in http://display-website.de/, throws me an error:
Refused to display 'https://media.display-website.de/index.php/apps/files/' in a frame because it set 'X-Frame-Options' to 'Sameorigin'.

Server configuration
Operating system: N/A
Web server: Apache (Version N/A)
Database: MYSQL
PHP version: 7.0 (CGI)
ownCloud version: ownCloud 9.1.0 (stable)
Updated from an older ownCloud or fresh install: fresh install
ownCloud log: this error it's not displaying in the log

Special configuration (external storage, external authentication, reverse proxy, server-side-encryption): server-side encription

Integrity status for oC9+

Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- core
	- INVALID_HASH
		- .htaccess
Raw output
==========
Array
(
    [core] => Array
        (
            [INVALID_HASH] => Array
                (
                    [.htaccess] => Array
                        (
                            [expected] => ab5f4c44ba2f9c66f2ed25c3ad3d84660b2808cca11ffa8fe2778a648a054d8ada495a0bf4715dc873aac1efe8dfd92a72f9a24441d8f5240834e639325fd892
                            [current] => 5b86ad1ddee7a09ab9d7e52ef8f00e67d563fb1e55121e7538f9be80baa1cb8fa43f2e62707502627b1816c3aaf0866194c97a6c5500903535b05b28cf85a7b7
                        )
                )

    )
)

Thanks to everybody that readed til here :slight_smile:

You can search through the code of oC for that "same origin" thingy. I think that will be set somewhere in the code by default.

Did it already... same result... there it's something that i'm missing :pensive:

See:

1 Like

Yes! i was just going to put an answer here, i found this 20 minutes ago, and it's exactly this file!

Thank you so much for your help :slight_smile:

Hello,

1/ Will I be able to embed an owncloud server if it is hosted in a sub domain, when the web site doing the embedding is in another sub domain but with the same domain name (ex. Can I embed owncloud.mywebsite2344234234.com in test.mywebsite2344234234.com without having issue with the sameorigin restriction ?)

If not

2/ Can I embed Owncloud in only one website (with one specific domain name - and no other website will be able to embed it) and how to ?

Thanks for your answers…

In the meantime there is a CORS function in ownCloud. You do need to enter the URL and that will be an exception to the CSP rule. https://doc.owncloud.com/server/admin_manual/configuration/server/config_sample_php_parameters.html

Is this accessible via FTP client (Transmit)?

I consider your question as OT, and I don’t know what ‘this’ relates to. And dropping a OT question into an 2 years old thread doesn’t make any sense either.

To access files in ownCloud you have to use WebDAV, nothing else.

Not OT (Off Topic, right?)
I’m asking about the CORS stuff. (Access ‘this’ meaning the CORS code. Can you access the proper file to change CORS via an FTP client.
If you read the OP (that means Original Post for those wondering) you’d see that they were looking for a way to embed owncloud folder via Iframe. As am I.
If the topic is still relevant to someone what does it matter if you post 2 years later?
Forums are usually for getting answers from other users not attitude.

You’re right, my bad. I’m very sorry that I didn’t understand your vague question, and I hope you’ll find an answer somewhere.

1 Like

I should have been more specific. Apologies.

1 Like

Hey,

it seems there was some additional info posted about this in the following topic recently:

So the fix was to remove that line? I did and restarted apache2 but still get the error…