Forum Discussion
Iframe-Embedded url teams Tab App not working
Hi,
I am trying to embed url in Iframe but it giving me frame violation error.
Please not url already been modified for Content-Security-Policy: frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com as per Tab Requisite https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/tab-requirements
am i missing anything.
Teams Tab App running in teams environment host as ngrok
Hi,
I found the solution for this issue... normally when we create Custom Team Tab Application we host the application somewhere lets say in azure then we need to specify that domain in frame-ancestor.
- Prasad_Das-MSFTMicrosoft
suvi-15 -
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a
<frame>
,<iframe>
or<object>
. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.For More Information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Thanks,
Prasad Das
-------------------------------------------------------
If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.
- suvi-15Brass ContributorHi Prasad,
In Custom Team Tab Application in which we host application lets say in Azure... so that azure website url needs to be added in X-Frame-options or Team url? - suvi-15Brass ContributorHi Prasad,
I read article which you shared and it mentioned that
"The frame-ancestors directive obsoletes the X-Frame-Options header. If a resource has both policies, the frame-ancestors policy SHOULD be enforced and the X-Frame-Options policy SHOULD be ignored."- suvi-15Brass Contributor
Hi,
I found the solution for this issue... normally when we create Custom Team Tab Application we host the application somewhere lets say in azure then we need to specify that domain in frame-ancestor.