Views:

Question:
Why is the Web Client not displayed in an iframe?

Answer:
Since DocuWare 6.5 the Web Client is delivered with elevated security settings, which means that it will not be displayed in an iframe of a page or application, which is called over a different domain or address than the web client itself (cross domain).
To disable these security settings you need to change these settings (after every minor or major Update):

  • Backup the file "C:\Program Files\DocuWare\Web\Platform\Web.config"

    • respectively "C:\Program Files (x86)\DocuWare\Web\Platform\Web.config" for older versions

  • Open the file Web.config"

  • Search for the section:

    <location path="WebClient">
    <system.webServer>
    <httpProtocol>
    <customHeaders>
    <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
    </httpProtocol>
    </system.webServer>
    </location>

  • Remove or comment the section:

    <!--<location path="WebClient">
    <system.webServer>
    <httpProtocol>
    <customHeaders>
    <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
    </httpProtocol>
    </system.webServer>
    </location>-->

  • Save your changes

  • A restart of any component is not necessary!

The Web Client can now be displayed in a cross domain iframe.
If you use DocuWare 6.5, you need to install Hotfix 21 first:
 
Warning: By disabling this X-Frame-Option you will open a security vulnerability. With this change others can send request from other origins and this could be used for cross site scripting.
We strongly recommend to host both applications on the same host.

Please keep in mind that Browsers will block cross domain communications if you dont use HTTPS.
Therefore, as of version 7.4:
HTTP is not supported for usage of DocuWare within an iframe (except with Firefox or if the iframe 
domain is the same as the browser domain).
See technical notes for DocuWare 7.4
Comments (0)