Using the <iframe> tag is a quick way to embed outside content inside of Jive. However, there are a number of caveats and basic troubleshooting steps to considering when trying to bring content into Jive or trying to bring Jive into another site. This document will go over the core basics you need to understand.
Using <iframe> within HTML Widgets and Tiles
In order to use <iframe> tags within HTML Widgets, you will need to ensure that the user modifying the HTML Widget has at least one of the following permissions.
|Permission Name||Permission Fastpath||Notes|
|Full Access||Admin Console: Permissions > System Administration|
|Manage System||Admin Console: Permissions > System Administration|
|Manage Community||Admin Console: Permissions > System Administration|
|Space Administrator||Admin Console: Permissions > Space Permissions||Only applies to Spaces and their Subspaces|
Using <iframe> within the Rich Text Editor (RTE)
RTE in this context refers to any piece of content in Jive using the Rich Text Editor (i.e. not a basic text box).
By default, Jive will strip out your <iframe> tags when publishing your content. It is possible to get around this, but not without completing the following setup steps first:
- Go to Admin Console: Spaces > Settings > Filters and Macros > HTMLFilter
- Remove "iframe" from the "List of Tags to be removed"
- Note: Changes to this field will require you to restart your Web Apps
- Add your intended domain name to the "Allowed Domains" list
- Click on "Save Properties" at the bottom left-hand side of that page
- Restart your Web Apps
- Note: You only need to restart the Web Apps, so a rolling restart will suffice
Why is my <iframe> getting stripped out?
If you find that your <iframe></frame> block is being stripped out on publish/save, you most likely missed a step in the setup section above. Please review the appropriate steps and ensure you're following them correctly.
Why is the src= attribute for my <iframe> getting stripped out?
If you find that your <iframe></frame> block is not being stripped out but your src= attribute is being removed, then you're most likely using a domain name that is not in the "Allowed Domains" list under Admin Console: Spaces > Settings > Filters and Macros > HTMLFilter. Add the domain name to that list, save the changes and try it again.
Why is my <iframe> still being blocked?
Mixed Content Errors
This error applies to more than just <iframe> tags, but if you find yourself with the following error message.
Mixed Content: The page at 'https://community.mydomain.com/groups/social-group/overview' was loaded over HTTPS, but requested an insecure resource 'http://something.otherdomain.com'. This request has been blocked; the content must be served over HTTPS.
It means that your web browser is intentionally blocking your content because you're trying to call an insecure (http://) resource into a secure (https://) site. You will have to adjust every referenced resource to use https:// and that may not be possible in some circumstances, depending on what you're linking to.
If the site hosting this content does not support SSL (https://) at all, then it will give you some kind of server error stating this and you will be forced to either get the host to install SSL on their site or move the content to a site that supports SSL. This is not an error caused by Jive, but an internet standard and one that Jive has no control over it.
This error can apply to any domain being placed within an <iframe> inside of Jive that has specific SAMEORIGIN settings.
Refused to display 'https://community.mydomain.com' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
If you're curious to learn more about this header, please see X-Frame-Options - HTTP | MDN. If this is a third-party site that is being blocked, then you will have to contact the host to change their X-Frame-Options header or move the content to a site that has a more favorable X-Frame-Options configuration.