I want to display ERPNext website in an iframe embedded in an internal company site. I have my site deployed in Frappe Cloud’s private bench.
However, this does not work due to the CSRF protection enabled in nginx.
What I have tried so far -
- set ignore_csrf=1 in the site config.
The site still doesn’t open in an iframe.
Also, I don’t want to disable CSRF entirely - I just want to whitelist my company’s internal website. How do I go about doing this?