Calling ERPNext in iframe from WordPress

Our main site is WordPress and we are calling ERPNext via iframe this works great in chrome but in ie all we get is a dim E and the desk does not load what am i missing here?


Can you please share output in chrome and IE?

In general, ERPNext gives best results in Chrome and Firefox and suggest for accessing your ERPNext account.

from a customer sat point we don’t control what clients use for their browser so we need to resolve.


from chrome

got interested how that works and just in case anybody else did as well …

iframe is a WordPress plugin that (on first sight) seems to allow embedding an external website in the WP site

We are actually using popup builder plugin so that we don’t loose customers to our ERPNext site so as you can see above the only action is x out behind this popup is our WordPress site. just wish we could get ERPNext to completely load in IE as it does in chrome.

thanks for sharing

we never got this sorted out, but are back at including in the site, here is the error:

This content can’t be shown in a frame

There is supposed to be some content here, but the publisher doesn’t allow it to be displayed in a frame. This is to help protect the security of any information you might enter into this site.

when the url is selected as a page it loads just fine wondering where we would control in ERPNext to allow in the plugin

narrowed it down to cross origin issue with nginx what needs to be added to ERPNext conf to allow this to securely happen…

This is not possible for security reasons.

nginx.conf has following header.

add_header X-Frame-Options "SAMEORIGIN";

code: bench/nginx.conf at master · frappe/bench · GitHub

Only redirects are allowed response as per the spec


Thank you for the pointer changed that in bench conf to add_header X-Frame-Options “ALLOW-FROM”;
tested it on chrome, firefox, and edge works on all

1 Like

This link says not to use ALLOW-FROM

This is an obsolete directive that no longer works in modern browsers. Don’t use it.

It is working on every browser I have tried it on however I would like to know what the replacement directive/ method of allowing this functionality from specific sites is if you know of one

1 Like