Using the Embed Option in Forms and Grids
Audience:
Citizen Developer
Skill Prerequisites:
HTML
The Embed
option, available for Grids under Advanced UI Settings
and Forms under Advanced Settings
when Display Mode
is set to Initially Visible
, allows the form or grid to be embedded on another site so that data can be updated and viewed on the other site. When selected, the embed code to use on the other site is automatically provided.
While this option can be very useful, there are special considerations when using it.
If your form or grid utilizes any open in popup actions (i.e., Open Action Form in Popup
or Open FileManager in Popup
) those popups will not work on the site where you have the form embedded.
Special Considerations
- Do not mix
HTTP
andHTTPS
(i.e., origin site isHTTPS
and site where the form is embedded isHTTP
) because "Mixed Active Content" is blocked by all major browsers. It's recommended to always useHTTPS
. - If you have issues displaying the embed code on the target site, confirm the following:
- The permissions for the page where the form is located are set to allow the
All Users
RoleView
permission (i.e., the page is public). - The web.config on the origin website is properly set. Under the
httpProtocol/customHeaders
section there should be one remove tag forX-Frame-Options
header and there shouldn't be any other add tags forX-Frame-Options
that sets the header. Here is an example of thatweb.config
section with theX-Frame-Options
setting correctly added:
- The permissions for the page where the form is located are set to allow the
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="X-XSS-Protection" />
<remove name="X-Frame-Options" />
<add name="X-XSS-Protection" value="1; mode=block" />
</customHeaders>
</httpProtocol>
- Because of the latest cookie policies enforced by Chrome, for the Embed option to work, there are some additional changes to the origin site's
web.config
that need to be implemented. In thesystem.web/authentication
section in theforms
tag you need thecookieSameSite
attribute set totrue
withrequireSSL
set totrue
. Additionally,httpCookies
should have thesameSite
attribute set toNone
also withrequireSSL
set totrue
. Here are examples of those settings:
<system.web>
...
<authentication mode="Forms">
<forms cookieSameSite="None" requireSSL="true" />
</authentication>
...
<httpCookies sameSite="None" requireSSL="true" />
..
</system.web>
Additional Information and Consideration
For more information and additional considerations when embedding a form or grid on another site, please read this article from Chrome Platform.