Place the web client in an iFrame

By default, you cannot place the OMI web client in an iFrame because doing so could make it vulnerable to a "clickjacking" attack. If you need to place the web client in an iFrame, you must allowlist the web page that will be hosting the iFrame.

To allow the OMI web client to be placed in an iFrame

1. On the node hosting the WebViewEngine, make a copy of the proxy server AppSettings.json file for safekeeping. The default location of this file is C:\Program Files (x86)\Common Files\ArchestrA\Services\proxyserver.

   Note: You need elevated privileges to save changes to the AppSettings.json file.

2. Open AppSettings.json in a text editor.

3. Find this section of the file:

   // List down all URLs separated by space. The web sites with the urls are allowed to embed this OMI web client inside an iframe.

     // 'self' is by default allowed. Make sure you postfix the whole value by ";" semicolon.

     // i,e. "'self' https://www.google.com https://www.aveva.com;"

     // i,e. "'none';"

     // Proxy Service must be restarted after you update frame-ancestors value.  

     "ContentSecurityPolicy": {

       "frame-ancestors": "'self'"

4. The comments in this section describe how to make the needed changes. Add each URL that should be allowed to host the web client in an iFrame to the frame-ancestors list, separating each URL with a space and ending the list with a semi-colon (;). The entire list must be enclosed in quotation marks.

5. Save your change and close the file.