jhullin

iFrame in Chrome

Monday, March 6, 2017 at 05:59am
0 votes
When accessing a session URL, I can see that eSignLive returns a few 302s and the browser does some redirects. For whatever reason, Chrome cancels one of these redirects when it's in an iFrame (https://sandbox.e-signlive.com/packages/{packageId}/sign). This seems to result in eSignLive falling back on http://sandbox.e-signlive.com/login?destination=/packages/{packageId}/sign, and Chrome gets upset about the mixed-content. Has anyone else encountered this problem and is there a solution? I don't expect this is specific to URLs generated from the Java SDK, but that's how I'm integrating.
mwilliams

Reply to: iFrame in Chrome

Monday, March 6, 2017 at 09:20am
0 votes
What is the URL that you're attempting to use as the src of the iFrame?

- Michael

Director, Partner and Developer Technologies, OneSpan

Facebook - Twitter - LinkedIn

mwilliams

Reply to: iFrame in Chrome

Monday, March 6, 2017 at 12:23pm
0 votes
Hey jhullin, I didn't make it to your post, in time. We have migrated our site and are having a few issues right now with some posts not showing up (yours being one of them - currently still MIA, but I can see it in my email :) ). I'm assuming you saw both of these options. It would appear the one from your post is the Signer Session version. Signing URL Guide Signer Session Guide There is also a method of using a session token with a url like: https://sandbox.e-signlive.com/access?sessionToken={sessionToken} and this takes you right to the ceremony without specifying the target. I will give a page similar to your a try. It looks like your'e on the old instance "e-signlive.com" instead of "esignlive.com". I haven't tried with that version in a while. Let me get back to you with my results after a couple tests.

- Michael

Director, Partner and Developer Technologies, OneSpan

Facebook - Twitter - LinkedIn

mwilliams

Reply to: iFrame in Chrome

Monday, March 6, 2017 at 01:12pm
0 votes
I just tested both of those methods without issue in an iframe in a simple html page as you posted on tomcat running on my localhost. Any more info on the failure? Maybe it's a cookies issue? I'm assuming you're able to navigate to sandbox.e-signlive.com okay straight from the browser?

- Michael

Director, Partner and Developer Technologies, OneSpan

Facebook - Twitter - LinkedIn

jhullin

Reply to: iFrame in Chrome

Tuesday, March 7, 2017 at 03:38am
0 votes
Both methods of generating a URL have the same issue. And yes, it looks like it's a cookie issue. I noticed Chrome ships with the "Block third-party cookies" checked. I cleared that box and it worked. Given this is a common default security setting in at least a couple of browsers, do most customers avoid using eSignLive in an iFrame? I see a recent post about using a pop-up window to set a cookie before using an iFrame (Safari), but pop-ups are typically blocked as well.
mwilliams

Reply to: iFrame in Chrome

Tuesday, March 7, 2017 at 04:36am
0 votes
Actually, having the signing ceremony integrated into a portal within an iframe is a very commonly used feature. I have not heard of this being a giant issue, but if this is a concern for you, you could always put in small text right above the iframe window something like, "If you have problems viewing the signing session, please ensure 3rd party cookies are enabled on your browser." Or something like that.

- Michael

Director, Partner and Developer Technologies, OneSpan

Facebook - Twitter - LinkedIn

jhullin

Reply to: iFrame in Chrome

Monday, March 6, 2017 at 10:44am
0 votes
I've tried a few ways of generating the URL through the SDK. Here's an example (should be good to go for the next 28 minutes). 
    Test iframe

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off

LoginSign Up