Skip to main content

Hi everyone I ran into this issue hopefully someone can help me out

Issue

Web App with  https://test.domain1.io
Launches iFrame in modal window to https://test.domain2.io

(different domains)

The iFrame app launches Docusign using Focused View and client libraries from DocuSign for end user to sign. The launch will not work and there is an error in the console showing -

Refused to frame 'https://apps-d.docusign.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://test.domain2.io"

 

I am following this how-to:

https://developers.docusign.com/docs/esign-rest-api/how-to/request-signature-focused-view/

 

I also put both domains (https://test.domain1.io, https://test.domain2.io, https://apps-d.docusign.com) in  frameAncestors field when creating the recipient view URL.

 

How can we pass https://test.domain1.io to the Docusign so it will properly configure the CSP?

 

Hello,

For some reasons, DocuSign suggests other alternatives to iFrames, and embedded Signing is one of them. You can use a react code as an alternative, as you can see here:

https://github.com/docusign/code-examples-react

Note that Embedded View and iFrames are different technologies, so it is unlikely that you can use both at the same time. If you need further assistance. Maybe you need to reach out our Developer Team asking to review your code if you still run into issues or if you want to follow up with iFrames. 


Hello,

 

I had the same issue. To fix it:

  1. frameAncestors needs to be an array like 'https://apps-d.docusign.com', ‘${yourSite}’]. Replace ${yourSite} with https://test.domain2.io. Maybe also add https://test.domain1.io  to this.
  2. messageOrigins needs to be an array like ‘https://apps-d.docusign.com’]

For development environment we use https://apps-d.docusign.com, replace it with https://apps.docusign.com for production.

 

Reference:

Hope this helps.


Reply