cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAPUI5 Whitelist FrameOptions - Embed UI5 Apps in iframes

kai2015
Contributor

on ‎08-03-2017 7:54 PM

0 Kudos

Hi Community,

we would like to use sapui5 applications embedded in iframes. For that, we would like to use SAPs securing concepts for frames.

Our problem is, that the whitelistservice is called with an empty parentOrigin, so the service doesn't allow the current parent container. What I'm doing wrong? (The whitelistservice from the backend is working correct, if It would be called with an origin, he returns the excpected response.)

I did the following:

added this code before sap-ui-core.js is called in my sapui5-app

<script>
window["sap-ui-config"] = {
	frameOptions: 'trusted',
	frameOptionsConfig: {
		callback: function(bSuccess) {
			if (bSuccess) {
				console.log(bSuccess);
				alert("App is allowed to run!");
			} else {
				console.log(bSuccess);
				//alert("App is not allowed to run!");
			}
		}
	}
};
</script>

the iframe calls the sapui5 app from another page like this

<iframe src=".../sap/bc/ui5_ui5/sap/z...../index.html" frameborder="0" width="100%" height="100%">
</iframe>

Now the first problem, the whitelistservice will be called without parentorigin:

.../sap/public/bc/uics/whitelist/service?parentOrigin=

Why is it empty?

I get this console error also:

[index.html] Reached timeout of 10000ms waiting for a response from parent window -  jQuery.sap.FrameOptions

Do you have any idea?

Sources:

https://help.sap.com/saphelp_nw74/helpdata/en/91/f3768f6f4d1014b6dd926db0e91070/frameset.htm

https://help.sap.com/saphelp_nw73ehp1/helpdata/de/96/6b6233e5404ebe80513ae082131132/frameset.htm

kind regards

Kai

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

dandrade
Explorer
‎04-14-2018 5:55 PM

Unfortunately i'm having exactly the same problem. When embedding the frame in a SAPUI5 application everything goes well, the "parentOrigin" is passed, but if called from other source the parentOrigin is empty.

Any tips?

Show replies
Show replies
dandrade
Explorer
‎04-17-2018 11:25 AM
0 Kudos

For anyone having the same problem:

Import SAP's bootstrap for the sap-ui-core, on the application were you are setting up the iframe

<script id="sap-ui-bootstrap"
src="https://sapui5.hana.ondemand.com/1.48.17/resources/sap-ui-cachebuster/sap-ui-core.js">
</script>
gregorw
Active Contributor
‎04-12-2021 7:42 AM
0 Kudos

Hi dandrade,

if you're in an on premise environment you're not allowed anymore to use the SAP CDN anymore (see 2943781 - Is the usage of SAP's Content Delivery Network for onPremise systems permitted?. So I would suggest you use this instead:

<script id="sap-ui-bootstrap" src="/sap/public/bc/ui5_ui5/1/resources/sap-ui-core.js"></script>

Best regards
Gregor

Ask a Question