Skip to Content

SAPUI5 Whitelist FrameOptions - Embed UI5 Apps in iframes

Hi Community,

we would like to use sapui5 applications embedded in iframes. For that, we would like to use SAPs securing concepts for frames.

Our problem is, that the whitelistservice is called with an empty parentOrigin, so the service doesn't allow the current parent container. What I'm doing wrong? (The whitelistservice from the backend is working correct, if It would be called with an origin, he returns the excpected response.)

I did the following:

added this code before sap-ui-core.js is called in my sapui5-app

window["sap-ui-config"] = {
	frameOptions: 'trusted',
	frameOptionsConfig: {
		callback: function(bSuccess) {
			if (bSuccess) {
				alert("App is allowed to run!");
			} else {
				//alert("App is not allowed to run!");

the iframe calls the sapui5 app from another page like this

<iframe src=".../sap/bc/ui5_ui5/sap/z...../index.html" frameborder="0" width="100%" height="100%">

Now the first problem, the whitelistservice will be called without parentorigin:


Why is it empty?

I get this console error also:

[index.html] Reached timeout of 10000ms waiting for a response from parent window -

Do you have any idea?


kind regards


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Apr 14, 2018 at 04:55 PM

    Unfortunately i'm having exactly the same problem. When embedding the frame in a SAPUI5 application everything goes well, the "parentOrigin" is passed, but if called from other source the parentOrigin is empty.

    Any tips?

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      For anyone having the same problem:

      Import SAP's bootstrap for the sap-ui-core, on the application were you are setting up the iframe

      <script id="sap-ui-bootstrap"