Embedding Content in SharePoint

%3CLINGO-SUB%20id%3D%22lingo-sub-75422%22%20slang%3D%22en-US%22%3EEmbedding%20Content%20in%20SharePoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-75422%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20embed%20a%20website%20into%20SharePoint%20using%20the%20embed%20webpart.%20%26nbsp%3BHowever%20I'm%20receiving%20the%20message%20%22Embedding%20content%20from%20this%20website%20isn't%20allowed%2C%20but%20your%20admin%20can%20change%20this%20setting.%20They%20will%20need%20to%20add%20'iafc.maps.arcgis.com'%20to%20the%20list%20of%20sites%20that%20are%20allowed%22.%20%26nbsp%3BI%20have%20enabled%20scripting%20but%20I%20am%20not%20able%20to%20see%20the%20%22HTML%20Field%20Security%22%20option%20to%20allow%20this%20site%20to%20be%20embedded.%20%26nbsp%3BSo%20I%20don't%20know%20what%20I'm%20missing.%20%26nbsp%3BAny%20suggestions%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-75422%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESharePoint%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESites%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-260567%22%20slang%3D%22en-US%22%3ERe%3A%20Embedding%20Content%20in%20SharePoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-260567%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20There%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20are%20some%20details%20-%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E*Issue%20Encountered*%20-%26nbsp%3B%20While%20adding%20iframe%20to%26nbsp%3B%20sharepoint%3C%2FP%3E%3CP%3E*Error*%20-%26nbsp%3Bembedding%20content%20from%20this%20website%20isn't%20allowed%2C%20but%20your%20admin%20can%20change%20this%20setting.%3C%2FP%3E%3CP%3E*Steps%20flowed*%20-%3C%2FP%3E%3CP%3ERequested%20admin%20rights%20from%20Sys%20Admin%3C%2FP%3E%3CP%3EAdded%20site%20in%20%3CSTRONG%3EHTM%20field%20security%20%3C%2FSTRONG%3Eand%20%3CSTRONG%3EAllowed%20custom%3C%2FSTRONG%3E%20Script%20in%20SharePoint%20settings%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EStill%20facing%20the%20problem%3F%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20is%20the%20solution%20-%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20setting%26nbsp%3B%3CSTRONG%3EHTM%20field%20security%3C%2FSTRONG%3E%20is%20also%20at%20the%20site%20level.%3C%2FP%3E%3COL%3E%3CLI%3EEnable%20Custom%20script%20in%20site%20collection%20in%20root(main%20site).%3C%2FLI%3E%3CLI%3EFor%20the%20root%20(main%20site)as%20well%20as%20for%20tenant%20site.%3C%2FLI%3E%3CLI%3EOwner%20of%20the%20group%20(Tenant)can%20only%20see%20the%20Site%20settings%20where%26nbsp%3Byou%20will%20find%26nbsp%3B%3CSTRONG%3EHTM%20field%20security%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3Bfor%20that%20site.%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3Eif%20you%20are%20not%20the%20owner%20you%20will%20not%20see%20the%20site%20so%20%2C%20To%20change%20the%20owner%20-%3C%2FLI%3E%3C%2FOL%3E%3CP%3EDownload%20and%20Login%20to%3CSTRONG%3E%20Share%20point%20power%20shell%3C%2FSTRONG%3E%20and%20connect%20using%20a%20command%20-%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EConnect-SPOService%20-Url%20https%3A%2F%2F%3CSTRONG%3Etanentname%3C%2FSTRONG%3E-admin.sharepoint.com%20-credential%20%3CSTRONG%3Eyouremail%40domainname.com%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E5.%20The%20window%20will%20pop%20up%20asking%20your%20credentials%20and%20then%20you%20will%20be%20connected%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E6.%20Once%20it%20is%20connected%20check%20site%20URL%20where%20you%20are%20working%20-%3C%2FP%3E%3CP%3ECommand%20%3CEM%3E%3CSTRONG%3Eget-%3C%2FSTRONG%3E%3C%2FEM%3Eositspe%26nbsp%3Bwill%20show%20all%20site%20URLs%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E7.%20Change%26nbsp%3B%20Setting%20using%20sharepoint%20power%20shell%20using%20below%20command%20-%26nbsp%3B%3C%2FP%3E%3CP%3Eset-sposite%20-identity%20___%3CSTRONG%3ESiteURL%3C%2FSTRONG%3E%20-DenyAddAndCustomizePages%200%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EIf%20you%20are%20not%20the%20owner%20of%20the%20site%20you%20want%20to%20host%20iframe%20to%20use%20below%20command%20to%20be%20the%20owner%20first%20after%20connecting%20using%20power%20shell%20and%20then%20follow%20steps%26nbsp%3B%20-%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eset-sposite%20-identity%3CSTRONG%3E%20SITE%20URL%20%3C%2FSTRONG%3E-owner%20youremail%40domain.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20You%20got%20to%20be%20the%20owner%20of%20the%20share%20point%20site%20in%20order%20to%20change%26nbsp%3B%3CSTRONG%3EHTM%20field%20security%20or%20else%20this%20option%20will%20not%20be%20visible.%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-75760%22%20slang%3D%22en-US%22%3ERe%3A%20Embedding%20Content%20in%20SharePoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-75760%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20turns%20out%20it%20was%20a%20setting%20within%20Groups.%20%26nbsp%3BEven%20with%20scripting%20turned%20on%20HTML%20field%20security%20was%20not%20visable%20as%20an%20option.%20%26nbsp%3BI%20had%20to%20run%20a%20PowerShell%20to%20get%20HTML%20Field%20Security%20to%20appear%20so%20I%20could%20add%20the%20websites%20needed%20to%20be%20embedded.%20%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-75654%22%20slang%3D%22en-US%22%3ERe%3A%20Embedding%20Content%20in%20SharePoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-75654%22%20slang%3D%22en-US%22%3E%3CP%3EEnabling%20the%20scripting%20option%26nbsp%3Bon%20tenant-level%20might%20take%2024hours%20before%20its%20effect%20is%20visible.%20Just%20wait%20a%20bit%20longer%20and%20try%20again%2C%20it%20should%20work.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2043108%22%20slang%3D%22en-US%22%3ERe%3A%20Embedding%20Content%20in%20SharePoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2043108%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F201339%22%20target%3D%22_blank%22%3E%40SAURAV%20PANT%3C%2FA%3E%26nbsp%3BThank%20you%2C%20this%20pointed%20me%20in%20the%20right%20direction.%20I%20had%20changed%20the%20Sites%20collection%20HTML%20Field%20Security%20setting%20but%20missed%20the%20Site%20Level%20HTML%20Field%20Security%20setting.%20For%20good%20measure%20I%20also%20enabled%20Custom%20scripts.%20I%20did%20not%20run%20any%20of%20the%20PowerShell%20scripts%20you%20suggested%20but%20just%20used%20the%20settings%20gear.%20I%20had%20to%20click%20around%20a%20bit%20to%20find%20the%20correct%20settings.%20I%20had%20to%20use%20three%20different%20methods.%3C%2FP%3E%3CUL%3E%3CLI%3ETo%20get%20to%20the%20site%20collections%20admin%20setting%2C%20I%20went%20to%20the%20tenant%20sites%20collection%20root%20and%20then%20chose%20the%20gear%20at%20the%20top%20right%2C%20then%20scrolled%20to%20HTML%20Field%20Security%20setting%3C%2FLI%3E%3CLI%3ETo%20get%20to%20the%20site%20level%20setting%2C%20I%20went%20to%20any%20site%20page%2C%20selected%20the%20gear%20at%20the%20top%20right%2C%20chose%20%22Site%20Information%22%20then%20%22View%20all%20site%20settings%22%2C%20then%20scrolled%20to%20HTML%20Field%20Security%20setting.%3C%2FLI%3E%3CLI%3ETo%20allow%20Custom%20scripts%2C%20I%20went%20to%20Office%20365%20Admin%26gt%3BSharePoint%20Admin%26gt%3BSettings%26gt%3BClassic%20Settings%20Page%20and%20then%20scrolled%20to%20the%20Custom%20Script%20settings%20towards%20the%20bottom.%26nbsp%3B%3C%2FLI%3E%3C%2FUL%3E%3CP%3EAfter%20that%20I%20tested%20with%20an%20iframe%20embedded%20object%20with%20script%20tags%20and%20it%20worked.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you!%3C%2FP%3E%3C%2FLINGO-BODY%3E
Frequent Contributor

I am trying to embed a website into SharePoint using the embed webpart.  However I'm receiving the message "Embedding content from this website isn't allowed, but your admin can change this setting. They will need to add 'iafc.maps.arcgis.com' to the list of sites that are allowed".  I have enabled scripting but I am not able to see the "HTML Field Security" option to allow this site to be embedded.  So I don't know what I'm missing.  Any suggestions?

4 Replies

Enabling the scripting option on tenant-level might take 24hours before its effect is visible. Just wait a bit longer and try again, it should work.

It turns out it was a setting within Groups.  Even with scripting turned on HTML field security was not visable as an option.  I had to run a PowerShell to get HTML Field Security to appear so I could add the websites needed to be embedded.   

Hi There,

 

Here are some details - 

 

*Issue Encountered* -  While adding iframe to  sharepoint

*Error* - embedding content from this website isn't allowed, but your admin can change this setting.

*Steps flowed* -

Requested admin rights from Sys Admin

Added site in HTM field security and Allowed custom Script in SharePoint settings

 

Still facing the problem?

 

Here is the solution -

 

The setting HTM field security is also at the site level.

  1. Enable Custom script in site collection in root(main site).
  2. For the root (main site)as well as for tenant site.
  3. Owner of the group (Tenant)can only see the Site settings where you will find HTM field security for that site.
  4. if you are not the owner you will not see the site so , To change the owner -

Download and Login to Share point power shell and connect using a command - 

 

Connect-SPOService -Url https://tanentname-admin.sharepoint.com -credential youremail@domainname.com

 

5. The window will pop up asking your credentials and then you will be connected

 

6. Once it is connected check site URL where you are working -

Command get-ositspe will show all site URLs

 

7. Change  Setting using sharepoint power shell using below command - 

set-sposite -identity ___SiteURL -DenyAddAndCustomizePages 0

 

If you are not the owner of the site you want to host iframe to use below command to be the owner first after connecting using power shell and then follow steps  - 

 

set-sposite -identity SITE URL -owner youremail@domain.com

 

- You got to be the owner of the share point site in order to change HTM field security or else this option will not be visible.

 

@SAURAV PANT Thank you, this pointed me in the right direction. I had changed the Sites collection HTML Field Security setting but missed the Site Level HTML Field Security setting. For good measure I also enabled Custom scripts. I did not run any of the PowerShell scripts you suggested but just used the settings gear. I had to click around a bit to find the correct settings. I had to use three different methods.

  • To get to the site collections admin setting, I went to the tenant sites collection root and then chose the gear at the top right, then scrolled to HTML Field Security setting
  • To get to the site level setting, I went to any site page, selected the gear at the top right, chose "Site Information" then "View all site settings", then scrolled to HTML Field Security setting.
  • To allow Custom scripts, I went to Office 365 Admin>SharePoint Admin>Settings>Classic Settings Page and then scrolled to the Custom Script settings towards the bottom. 

After that I tested with an iframe embedded object with script tags and it worked.

 

Thank you!