ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

External URL Not Accessible From Channels

book

Article ID: 213343

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

In the Modern UX, after creating a Channel to display an external URL (i.e.: from a domain other than the one hosting Clarity), the page is not displayed. A blank or gray page is shown instead.

Cause

In order to show any external site in a Channel, it is necessary to fulfill both of the following conditions:

  • The domain must be an allowed domain, via the CONTENT_SECURITY_DOMAIN.
  • The external URL must not prevent the browser from displaying its content inside a frame, via certain 'X-Frame-Options' HTTP header values.

If any of the two is not fulfilled, the page cannot be shown inside a Channel.

Environment

All supported Clarity releases.

Resolution

Please ensure that both configurations allow the page to be displayed inside a Channel:

 

Allowed domains in Clarity

Please follow the steps outlined in this KB article: KB189773 - How to do Content Security Domain update in Clarity database

 

X-Frame-Options HTTP Header

Some pages have an X-Frame-Origin HTTP Header configuration that prevents the browser from displaying it inside of a frame. Example values for this header would be:

  • DENY: Page cannot be displayed inside of a frame. None of the pages with the DENY value can be shown in a Channel.
  • SAMEORIGIN: Page cannot be displayed inside of a frame from another page. For example, if your Clarity URL is "https://clarity.yourcompany.com", then "https://www.mypage.com" would be a different page, and if that one has the SAMEORIGIN value, it would not be allowed to be displayed from a Channel in your Clarity environment.
  • ALLOW-FROM uri: Only the pages listed after ALLOW-FROM can display the page inside of a frame.

This configuration is declared by the destination page and enforced by browsers. This can only be modified by the site owner.

Additional Information

X-Frame-Options MDN Web Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

X-Frame-Options Header Test: https://gf.dev/x-frame-options-test