+2Unlike with EnvelopeViews:createRecipient, which has options to configure clickjacking protections via x-frame-options or csp frame-ancestors, there are no such options for the createSender view.
Due to this when displaying the sender view within an iframe element the browser blocks the request.
How can we add Clickjacking protection to the embedded sender view to avoid this and add security.
Here’s an example of the error on Firefox:
+3Hi Zeigo,
regarding your problem I recommend for you this document as I can see from this screenshot the browser is not able to open the page for security reason : https://www.docusign.com/blog/developers/new-browser-security-settings-and-iframes
Thank you so much and if you need any help you can raise a support case anytime at https://support.docusign.com
+2Hi Zeigo,
regarding your problem I recommend for you this document as I can see from this screenshot the browser is not able to open the page for security reason : https://www.docusign.com/blog/developers/new-browser-security-settings-and-iframes
Thank you so much and if you need any help you can raise a support case anytime at https://support.docusign.com
Thanks for the response but I’m not sure how Referrrer-Policy is related here. Updating the Referrer-Policy will not fix this issue as far as I’m aware.
It seems like the ability to control the x-frame-options or CSP headers (which exist for the EnvelopeViews:createRecipient endpoint) do not exist for the EnvelopeViews:createSender. Hence why this is not a problem for the recipient view, only sender view.
Already have an account? Login
Join the Docusign Community by logging in with your Docusign developer or customer account credentials.
Don’t have an account? You can create a free one when registering.
Note: Partner-specific logins are not available yet. Partners should log in as either a customer or developer
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Back to Docusign.com
