
I referred to https://angular.io/guide/security#xss and am trying to display a PDF on our intranet SharePoint site on a web page.

Here is the template, help.component.html:

```html
<iframe class="e2e-iframe-trusted-src" width="640" height="390" [src]="trustedUrl"></iframe>
```

and the component, help.component.ts:

```typescript
import { Component, OnInit } from '@angular/core';
import { SessionResetService } from '../../services/session-reset.service';
import { DomSanitizer, SafeResourceUrl } from '@angular/platform-browser';

@Component({
  selector: 'app-help',
  templateUrl: './help.component.html',
  styleUrls: ['./help.component.scss']
})
export class HelpComponent implements OnInit {
    // bypassSecurityTrustResourceUrl returns a SafeResourceUrl, the type an iframe [src] binding expects.
    public trustedUrl: SafeResourceUrl;
    public helpUrl: string;

    constructor(private _resetSession: SessionResetService,
        private sanitizer: DomSanitizer) {
        // Constant, developer-controlled URL; the bypass call disables Angular's
        // URL sanitization, so it must never be given user-supplied input.
        this.helpUrl = "https://website Url/Tool.pdf";
        this.trustedUrl = this.sanitizer.bypassSecurityTrustResourceUrl(this.helpUrl);
    }

    ngOnInit() {
        this._resetSession.CallResetSession();
    }
}
```

I tried appending &embedded=true as suggested in "How to fix Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'", but that didn't work either. Please guide.

SilverFish
  • Can you open that resource in a browser and look at the response headers? If you are seeing `x-frame-options: SAMEORIGIN` in the response headers then you will need to work with the owner of that resource to provide a mechanism to remove that. The SO question linked is specifically for Google Docs. – Daniel W Strimpel Mar 02 '20 at 18:56
  • Daniel, Can you please guide what/where the owner has to remove for SO? – SilverFish Mar 02 '20 at 20:15
  • The owner of the resource will need to not send down an `x-frame-options` header when returning the PDF. Here is the MDN article around that header for more information on what it is: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options. – Daniel W Strimpel Mar 02 '20 at 20:18
  • X-FRAME-OPTIONS: SAMEORIGIN , yes I see this under network tab. Thanks – SilverFish Mar 02 '20 at 20:38
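
Added example, not part of the original question or comments: a simplified model of the framing decision the comments describe, showing why `X-Frame-Options: SAMEORIGIN` blocks the iframe no matter what the Angular sanitizer is told. It goes one step beyond the thread by also modelling the CSP `frame-ancestors` directive, which browsers honour in preference to `X-Frame-Options`; the function name and the `example.test` hosts are constructed for illustration.

```typescript
type Verdict = { allowed: boolean; reason: string };

// Predicts whether a browser renders resourceUrl inside an <iframe> on a page
// served from embedderOrigin. Header names are expected in lower case.
function canBeFramed(
  resourceUrl: string,
  embedderOrigin: string,
  headers: Record<string, string>,
): Verdict {
  const embedder = new URL(embedderOrigin).origin;
  const sameOrigin = new URL(resourceUrl).origin === embedder;

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = headers["content-security-policy"] ?? "";
  const directive = csp
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    const sources = directive.slice(1);
    const allowed = sources.some((src) => {
      if (src === "'none'") return false;
      if (src === "'self'") return sameOrigin;
      if (src === "*") return true;
      // Assumption: only exact origins are matched; wildcard hosts are not modelled.
      try { return new URL(src).origin === embedder; } catch { return false; }
    });
    return { allowed, reason: `frame-ancestors ${sources.join(" ")}` };
  }

  const xfo = (headers["x-frame-options"] ?? "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN") {
    return { allowed: sameOrigin, reason: "X-Frame-Options: SAMEORIGIN" };
  }
  // ALLOW-FROM is obsolete and ignored by current browsers.
  return { allowed: true, reason: "no framing restriction" };
}

// Constructed sample: a PDF host and a separate application origin.
const pdf = "https://sharepoint.example.test/docs/Tool.pdf";
const app = "https://app.example.test";
console.log(canBeFramed(pdf, app, { "x-frame-options": "SAMEORIGIN" }));
```

The last case in the model is the option available to the resource owner: an explicit `frame-ancestors` allowlist naming the embedding application permits the iframe while still refusing every other origin.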

0 Answers