Rocket Chat Zimlet IFrame not allowed in modern browsers

jpmob
Posts: 1
Joined: Mon Feb 03, 2020 9:39 pm

Post by jpmob »

Hi,

I am trying to get rocket chat to integrate with Zimbra 8.8.15 - https://github.com/Zimbra-Community/zimbra-rocket, but I am running into an issue with the iframe.

It does create users, and when I open the rocket chat URL in another tab it opens fine. But when I try to open it in the iframe, it complains with the console error "Refused to display 'https://rocketchat.mydomain.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'." My mail server is on the same base domain - mydomain.com in this example, but a different subdomain.

While I am guessing the issue is being on a different subdomain, how did anyone get this to work?

Many thanks for any help you can give.

John

P.S. I am sorry if this is the wrong place for this, but I couldn't think of anywhere else!
barrydegraaff
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am

Re: Rocket Chat Zimlet IFrame not allowed in modern browsers

Post by barrydegraaff »

It is still working, but if you use different sub-domains (aka zimbra.example.com rocket.example.com) you must set the correct headers for CORS in your proxies.

You may no longer be able to use X-Frame-Options.
https://developer.mozilla.org/en-US/doc ... me-Options
As allow-from uri is obsolete when using X-Frame-Options.

If that is indeed an issue for you, consider using `Content-Security-Policy "frame-ancestors"`

In apache:
Header set Content-Security-Policy "frame-ancestors 'self' your-domains-here.org;"

To debug, use your browser developer console (F12)

Also:
As of Rocket Chat version 2.1.0 you must set the CREATE_TOKENS_FOR_USERS environment variable for this integration to work. If you use snaps:

echo "CREATE_TOKENS_FOR_USERS=true" > /var/snap/rocketchat-server/common/create-tokens.env
sudo systemctl restart snap.rocketchat-server.rocketchat-server.service
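
The framing behaviour discussed in the posts above, as an added example that is not part of the original thread or of the zimbra-rocket project: a simplified JavaScript model of how a browser decides whether a page may be shown in an iframe, given its `X-Frame-Options` and `Content-Security-Policy` headers. The function names and the host name `mail.mydomain.com` are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's framing decision.
// Only the immediate parent is checked; hostnames are constructed samples.

// Match one frame-ancestors source expression against the embedding page.
function sourceMatches(source, parent, self) {
  const src = source.toLowerCase();
  if (src === "'self'") return parent.origin === self.origin;
  if (src === "*") return true;
  const m = /^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+))?$/.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  // Without a scheme the framed page's scheme applies; an https parent is also accepted.
  const want = scheme ? scheme + ":" : self.protocol;
  if (parent.protocol !== want && parent.protocol !== "https:") return false;
  // Without a port only the default port matches (URL.port is "" then).
  const effPort = parent.port || (parent.protocol === "https:" ? "443" : "80");
  if (port ? port !== effPort : parent.port !== "") return false;
  return wildcard ? parent.hostname.endsWith("." + host) : parent.hostname === host;
}

// headers: response headers of the framed page, keyed by lower-case name.
function mayFrame(headers, framedUrl, parentUrl) {
  const self = new URL(framedUrl), parent = new URL(parentUrl);
  const directive = (headers["content-security-policy"] || "")
    .split(";").map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is present, X-Frame-Options is not consulted.
    const sources = directive.slice(1).filter(s => s.toLowerCase() !== "'none'");
    return sources.some(s => sourceMatches(s, parent, self));
  }
  const xfo = (headers["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return false;
  if (xfo === "sameorigin") return parent.origin === self.origin;
  return true; // no policy, or obsolete ALLOW-FROM, which modern browsers ignore
}

const rocket = "https://rocketchat.mydomain.com/";
const zimbra = "https://mail.mydomain.com/"; // constructed Zimbra host name
const before = { "x-frame-options": "sameorigin" };
const after = { ...before,
  "content-security-policy": "frame-ancestors 'self' mail.mydomain.com;" };
console.log(mayFrame(before, rocket, zimbra)); // false
console.log(mayFrame(after, rocket, zimbra));  // true
```

`SAMEORIGIN` compares full origins, so a sibling subdomain is refused; listing only the hosts that need to embed the chat in `frame-ancestors` keeps the framing protection in place for every other site.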
zmcontrol
Posts: 26
Joined: Fri Jul 24, 2020 12:43 am

Re: Rocket Chat Zimlet IFrame not allowed in modern browsers

Post by zmcontrol »

barrydegraaff wrote: Fri Feb 07, 2020 10:22 am
It is still working, but if you use different sub-domains (aka zimbra.example.com rocket.example.com) you must set the correct headers for CORS in your proxies.

barrydegraaff,

My apologies for the necro post.
I understand that your RC zimlets have been archived due to the wholesale changes made in v6.x.
However, I managed to get v6.5.3 running as a stand-alone non-cloud installation.
This is on 10.0.6 FOSS using the older zimlet for 8.8.15.

So far everything is working as expected except for one condition.
If a user logs off of zimbra and doesn't close the browser tab, the next user that logs in will be authenticated as the previous user in RC.
Is this something you ran into in the past while working on this project?
Much thanks for your time.
barrydegraaff
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am

Re: Rocket Chat Zimlet IFrame not allowed in modern browsers

Post by barrydegraaff »

RocketChat iFrame integration only supports log-in, there is nothing that performs a log-out.
--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/