Forum Discussion

suvi-15's avatar
suvi-15
Brass Contributor
Apr 12, 2022

Iframe-Embedded url teams Tab App not working

Hi,

 

I am trying to embed url in Iframe but it giving me frame violation error.

Please not url already been modified for Content-Security-Policy: frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com as per Tab Requisite https://docs.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/tab-requirements

am i missing anything.

Teams Tab App running in teams environment host as ngrok 

  • Hi,

     

    I found the solution for this issue... normally when we create Custom Team Tab Application we host the application somewhere lets say in azure then we need to specify that domain in frame-ancestor.

  • suvi-15 -

    The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

    For More Information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

    Thanks, 

    Prasad Das

    -------------------------------------------------------

    If the response is helpful, please click "**Mark as Best Response**" and like it. You can share your feedback via Microsoft Teams Developer Feedback link.

    • suvi-15's avatar
      suvi-15
      Brass Contributor
      Hi Prasad,
      In Custom Team Tab Application in which we host application lets say in Azure... so that azure website url needs to be added in X-Frame-options or Team url?
    • suvi-15's avatar
      suvi-15
      Brass Contributor
      Hi Prasad,
      I read article which you shared and it mentioned that
      "The frame-ancestors directive obsoletes the X-Frame-Options header. If a resource has both policies, the frame-ancestors policy SHOULD be enforced and the X-Frame-Options policy SHOULD be ignored."
      • suvi-15's avatar
        suvi-15
        Brass Contributor

        Hi,

         

        I found the solution for this issue... normally when we create Custom Team Tab Application we host the application somewhere lets say in azure then we need to specify that domain in frame-ancestor.

Resources