Skip to Content

SAPUI5 Whitelist FrameOptions - Embed UI5 Apps in iframes

Aug 03, 2017 at 06:54 PM


avatar image
Former Member

Hi Community,

we would like to use sapui5 applications embedded in iframes. For that, we would like to use SAPs securing concepts for frames.

Our problem is, that the whitelistservice is called with an empty parentOrigin, so the service doesn't allow the current parent container. What I'm doing wrong? (The whitelistservice from the backend is working correct, if It would be called with an origin, he returns the excpected response.)

I did the following:

added this code before sap-ui-core.js is called in my sapui5-app

window["sap-ui-config"] = {
	frameOptions: 'trusted',
	frameOptionsConfig: {
		callback: function(bSuccess) {
			if (bSuccess) {
				alert("App is allowed to run!");
			} else {
				//alert("App is not allowed to run!");

the iframe calls the sapui5 app from another page like this

<iframe src=".../sap/bc/ui5_ui5/sap/z...../index.html" frameborder="0" width="100%" height="100%">

Now the first problem, the whitelistservice will be called without parentorigin:


Why is it empty?

I get this console error also:

[index.html] Reached timeout of 10000ms waiting for a response from parent window -

Do you have any idea?


kind regards


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

avatar image
Former Member Apr 14 at 04:55 PM

Unfortunately i'm having exactly the same problem. When embedding the frame in a SAPUI5 application everything goes well, the "parentOrigin" is passed, but if called from other source the parentOrigin is empty.

Any tips?

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

For anyone having the same problem:

Import SAP's bootstrap for the sap-ui-core, on the application were you are setting up the iframe

<script id="sap-ui-bootstrap"