SharePoint 2013 : Manage SharePoint Search Center in Iframe
Credits
This article is based on : IFraming SharePoint-hosted pages in apps, by Humberto Lezama
Problem Statement
There is a requirement to show the SharePoint Search Center in an Iframe on different domain website. After adding Search Center in Iframe, system show below exception
Chrome console error
Refused to display ***************** in a frame because it set ‘X-Frame-Options’ to ‘SOMEORIGIN’
Root Cause
From: IFraming SharePoint-hosted pages in apps
"By default, SharePoint 2013 prevents cross-domain IFRAMING of pages as a security measure to prevent clickjacking. This post explains what clickjacking is, how SharePoint prevents it, and how to allow your pages to be IFRAMED if your scenarios call for it.
SharePoint 2013 uses the X-Frame-Options header to prevent its pages from being targeted by a clickjacking attack. Each HTTP response sends an X-Frame-Options: SAMEORIGIN header, which indicates that this page must not be loaded in an IFRAME if the outer (hosting) page is on a different domain than the SharePoint page. This has some implications for IFRAME scenarios with SharePoint
- SharePoint pages that host external content in an IFRAME are not affected
- SharePoint pages that host other pages from the same SharePoint site in an IFRAME are not affected"
Resolution
From: IFraming SharePoint-hosted pages in apps
Follow the below listed step to fix this issue
- To "opt-out of clickjacking protection by adding the AllowFraming control to their .aspx pages
<WebPartPages:AllowFraming runat="server" />
This control instructs SharePoint not to send the X-Frame-Options header when this page is requested. Without the X-Frame-Options header, the page is able to be IFRAMED." [blogs.msdn.com]