Problem
You are familiar with configuring the portal, and the goal is to display services or websites directly within the portal so that they open in a new portal tab. However, you encounter the following problem, when the portal tab is opened:
Investigation
The described behavior is not due to your UCS system configuration but rather a restriction imposed by the embedded website itself. Many websites implement strict security measures, such as the X-Frame-Options header or specific Content Security Policies (CSP). These mechanisms prevent the website from being displayed within an “iframe” and are designed to protect against clickjacking attacks by allowing only specific origins to embed their content.
On the UCS side, you can adjust the CSP (e.g., using the command ucr search --brief umc/http/content-security-policy) to attempt to enable embedding. However, the final control lies with the external website. To resolve this issue, the website would need to modify its security policies to explicitly allow embedding by other services or domains. Such changes are usually not feasible as they are managed by the website’s operators.
Solution
If displaying services as tiles within the portal is essential, we recommend the following alternatives:
-
Contact the website operator: Reach out to the administrator or operator of the external website to determine if embedding can be permitted. They may be able to adjust their policies to allow your domain to embed their content.
-
Open the website in a new browser tab: Configure the tile to open the service in a new tab. This bypasses the restrictions of embedding while maintaining user convenience.
These solutions ensure continued functionality while respecting the security limitations of the external website.