Unlike with EnvelopeViews:createRecipient, which has options to configure clickjacking protections via x-frame-options or csp frame-ancestors, there are no such options for the createSender view.
Due to this when displaying the sender view within an iframe element the browser blocks the request.
How can we add Clickjacking protection to the embedded sender view to avoid this and add security.
Here’s an example of the error on Firefox:
Hi Zeigo,
regarding your problem I recommend for you this document as I can see from this screenshot the browser is not able to open the page for security reason : https://www.docusign.com/blog/developers/new-browser-security-settings-and-iframes
Thank you so much and if you need any help you can raise a support case anytime at https://support.docusign.com
Hi Zeigo,
regarding your problem I recommend for you this document as I can see from this screenshot the browser is not able to open the page for security reason : https://www.docusign.com/blog/developers/new-browser-security-settings-and-iframes
Thank you so much and if you need any help you can raise a support case anytime at https://support.docusign.com
Thanks for the response but I’m not sure how Referrrer-Policy is related here. Updating the Referrer-Policy will not fix this issue as far as I’m aware.
It seems like the ability to control the x-frame-options or CSP headers (which exist for the EnvelopeViews:createRecipient endpoint) do not exist for the EnvelopeViews:createSender. Hence why this is not a problem for the recipient view, only sender view.
The options in question which exist for createRecipient but not createSender
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Back to Docusign.com
