Embed Vaandin 23 Application in a Frame

andre.53 · November 18, 2024, 2:44pm

We are trying to embed an existing Vaadin23 Application into another Application.

We tried the different suggestions for Vaadin23 except for the Webcomponent route.

We tried the versions of the filters below:
CSPFilter
AntiClickjackingFilter
CorsFilter
FrameOptionsFilter

with different settings e.g.

“X-Frame-Options”, “ALLOW-FROM http://localhost:8080/v23_actionlist/”

“Content-Security-Policy”, “frame-ancestors *”

“X-Frame-Options”, “ALLOWALL”

“Access-Control-Allow-Origin”, “*”

“Access-Control-Allow-Methods”, “*”

“Access-Control-Allow-Headers”, “Origin,Content-Type,Accept”

“Access-Control-Allow-Credentials”, “true”

“X-Frame-Options”, “”

“Set-Cookie”, “null”

Testing with Edge and Chrome, with security changed to allow cookies

The Vaadin 23 Application embeds in the calling Vaadin23 Application iFrame component but displays “This application requires cookies to function. Please enable cookies in your browser and click here or press ESC to try again.” inside the frame.

Anybody that can help?

Thank you

Gunnar2 · November 20, 2024, 10:07am

You probably need to set the SameSite-Cookie-Policy to “none”. If your app is a Spring Boot app, add this to your application.properties:

server.servlet.session.cookie.same-site=none

andre.53 · November 21, 2024, 8:13am

Unfortunately it is not a Spring Boot App, but thank you for the suggestion

Gunnar2 · November 21, 2024, 12:09pm

Is your app running in Tomcat?
Then set <CookieProcessor sameSiteCookies="None" /> in context.xml.
You might also need to set antiClickJackingEnabled to false in web.xml.