We have been using an iframe for customer access to UMP to keep it grouped with other portals we publish. A while back browsers started enforcing stricter security to avoid clickjacking, and we had to configure UMP to permit it to be displayed in an iframe. It required manipulating these settings in portal-ext.properties to control the X-Frame-Options HTTP header:
http.header.x-frame-options.enabled=true
http.header.x-frame-options.whitelist.255.url=/
http.header.x-frame-options.whitelist.255.value=SAMEORIGIN
# http.header.x-frame-options.whitelist.0.url=/usm/jsp/standalone.jsp
# http.header.x-frame-options.whitelist.0.value=ALLOWALL
We now need to enable OC to work in an iframe. The portal-ext.properties file is gone, but we found conf/config.properties with roughly the same content. Adjusting these settings does not seem to help though. We found multiple sources online with explanations about how to set the X-Frame-Options header in Tomcat by updating web.xml (which we also found the conf/ directory), but we haven't been able to get our changes in that file to affect any results.
Is anyone successfully publishing OC in an iframe?
Thanks!