Skip to Content

SAPUI5 Whitelist FrameOptions - Embed UI5 Apps in iframes

Aug 03, 2017 at 06:54 PM


avatar image

Hi Community,

we would like to use sapui5 applications embedded in iframes. For that, we would like to use SAPs securing concepts for frames.

Our problem is, that the whitelistservice is called with an empty parentOrigin, so the service doesn't allow the current parent container. What I'm doing wrong? (The whitelistservice from the backend is working correct, if It would be called with an origin, he returns the excpected response.)

I did the following:

added this code before sap-ui-core.js is called in my sapui5-app

window["sap-ui-config"] = {
	frameOptions: 'trusted',
	frameOptionsConfig: {
		callback: function(bSuccess) {
			if (bSuccess) {
				alert("App is allowed to run!");
			} else {
				//alert("App is not allowed to run!");

the iframe calls the sapui5 app from another page like this

<iframe src=".../sap/bc/ui5_ui5/sap/z...../index.html" frameborder="0" width="100%" height="100%">

Now the first problem, the whitelistservice will be called without parentorigin:


Why is it empty?

I get this console error also:

[index.html] Reached timeout of 10000ms waiting for a response from parent window -

Do you have any idea?


kind regards


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

0 Answers