X-Frame Options to Deny

Question:

We are unable to use the helpdesk app in an IFRAME, specifically the login page. We receive this error:

Refused to display 'https://<ourcompany>.jitbit.com/helpdesk/User/Login' in a frame because it set 'X-Frame-Options' to 'deny'.

Is there a way to authenticate our users with SSO without having them hit this login page, or is there something we can do as a workaround?



Answer:

Yes, we've added this header after a security audit, to stay compliant with some certifications. Allowing user logins in an iframe is a security risk.

If you use SSO via SAML, however (e.g. you authenticate with Azure Active Directory), you might not need the login form at all. Try setting your iframe to ".../helpdesk/Saml/Auth" directly. That should help.

Creation date: 4/11/2019 4:32 PM      Updated: 4/11/2019 4:46 PM
Errors and solutions for Jitbit Helpdesk ticketing system
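
The error in the question comes from the browser enforcing the response's framing headers. The following is an added example, not Jitbit code: a simplified model of that browser decision for one response, covering `X-Frame-Options` and the CSP `frame-ancestors` directive. The host names are constructed placeholders, and only the immediate parent page is checked.

```javascript
// Added example: simplified model of how a browser decides whether a response
// may be rendered in a frame. Real browsers check every ancestor frame and
// support host wildcards in frame-ancestors; neither is modelled here.
function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingDecision(headers, frameUrl, parentUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const self = new URL(frameUrl).origin;
  const parent = new URL(parentUrl).origin;

  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // When frame-ancestors is present, X-Frame-Options is not consulted.
    const ok = sources.some((s) => {
      if (s === '*') return true;
      if (s.toLowerCase() === "'self'") return parent === self;
      if (s.toLowerCase() === "'none'") return false;
      try { return new URL(s).origin === parent; } catch { return false; }
    });
    return { allowed: ok, by: 'frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return { allowed: false, by: 'x-frame-options' };
  if (xfo === 'sameorigin') return { allowed: parent === self, by: 'x-frame-options' };
  // Absent or unrecognised values (including obsolete ALLOW-FROM) do not block.
  return { allowed: true, by: 'none' };
}

// Constructed sample: a login response with the header from the question,
// framed by a page on a different (placeholder) origin.
const sample = framingDecision({ 'X-Frame-Options': 'deny' },
  'https://helpdesk.example/helpdesk/User/Login', 'https://portal.example');
console.log(sample); // { allowed: false, by: 'x-frame-options' }
```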