Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio webmail in iFrame (Kerio webmail in iFrame)
  •  
Markvk

Messages: 7
Karma: 0
Send a private message to this user
Hello,

I'm trying to run Kerio webmail inside an iFrame but it says the website has disabled this feature.
What is the reason for this? Security?

I found this question in a 2013 thread but it has not been answered.
I hope this question will.

Mark
  •  
Radek Sip (Kerio)

Messages: 1309
Karma: 48
Send a private message to this user
It's protection against clickjacking attacks, it was introduced in Kerio Connect 8.3.0
https://www.owasp.org/index.php/Clickjacking

see mailserver.cfg for:
<variable name="AppendHeaderXFrameOptions">SAMEORIGIN</variable>

Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Markvk

Messages: 7
Karma: 0
Send a private message to this user
Thanks for your swift reply!
If I replace "SAMEORIGIN" with "ALLOW-FROM uri" what do I need to enter at uri? Or do you have some kind of instructions for this feature?
I want to embed an iFrame in https:/my.company.com, the webmail is located at https:/webmail.company.com
  •  
Markvk

Messages: 7
Karma: 0
Send a private message to this user
Found something else on the internet but that isn't working either:
<variable name="AppendHeaderXFrameOptions">ALLOW-FROM https:/company.com</variable>

(in the original file there are two /, I'm not allowed to post hyperlinks here)
  •  
Markvk

Messages: 7
Karma: 0
Send a private message to this user
Ok, how simple can it be.
ALLOW-FROM https:/webmail.company.com did the trick
Previous Topic: Difference between Apple Profile Manager and Kerio Set up
Next Topic: Archiving a emornous mailbox
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Jan 24 01:57:02 CET 2017

Total time taken to generate the page: 0.01064 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.