Magento Tips & Tricks

Magento 2: Allow backend run in frame

Recently I’ve got request to make magento backend working in iframe. Quick googling gives me link to official documentation with instructions on how to setup storefront to be displayed in iframe. I did not pay attention to storefront word at that point. Backend still not work in iframe and gives an error:

Refused to display 'https://site.com/admin/admin/dashboard/index/key/...../' in a frame
because it set 'X-Frame-Options' to 'sameorigin'.

Apparently changes suggested by documentation did not work for backend. Further investigation gives me following files to check:

/www/nginx.conf
/www/setup/pub/.htaccess
/www/setup/src/Magento/Setup/Test/Unit/Model/ConfigGeneratorTest.php
/www/setup/src/Magento/Setup/Model/ConfigGenerator.php
/www/setup/src/Magento/Setup/Module.php
/www/lib/internal/Magento/Framework/App/Response/HeaderProvider/XFrameOptions.php
/www/pub/.htaccess
/www/nginx.conf.sample

It appear that there is separate constant for backend in XFrameOptions.php. To update it you need to change following code:

/** Always send SAMEORIGIN in backend x-frame-options header */
const BACKEND_X_FRAME_OPT = 'SAMEORIGIN';

Useful Links

Magento 1 not working in iframe?
Magento Documentation – X-Frame-Options header

Leave a Reply

Your email address will not be published. Required fields are marked *