Overview
The product team added the 'X-Frame-Options: SAMEORIGIN' header in response to a reported security vulnerability. Because of this HTTP header, browsers do not allow Kayako Classic to be loaded in an iFrame by default. You can re-enable it, with the caveat that doing so may expose you to security vulnerabilities. If you wish to do so, this article provides the steps to enable the use of iFrames.
Solution
Kayako Classic OnDemand
Your instance is hosted by us so you need to submit a request to the support team.
- Click the Submit a ticket button at the top or at the bottom of this page. If you already have an open ticket with us for this issue, then skip this step (use the existing ticket).
- Provide your domain name (e.g., domain.kayako.com).
The support team will forward your request to the SaaS Ops team for processing.
<supportagent>
For support agents, if you receive this request from a customer, follow the process for Submitting Kayako Classic SaaS Requests and use the form for 'Allow iframe for Classic Sites'.
Once the request has been fulfilled, update the customer on the status.
</supportagent>
Kayako Classic Download
Since you are hosting your instance, follow the steps below to re-enable the use of iFrames.
NOTES:
- You need admin access to the server to perform the following steps.
- Make sure to back up the files below before making any changes.
- Go to your Kayako Classic installation folder.
- Navigate to the following file:
__swift/apps/base/library/UserInterface/class.SWIFT_UserInterface.php
- Remove the line
header('X-Frame-Options: SAMEORIGIN')
from the code.
- Save the file and exit.
- Navigate to the following file:
__swift/SWIFT.php
- Remove the line
header('X-Frame-Options: SAMEORIGIN')
from the code.
- Save the file and exit.
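
If only specific sites need to embed the helpdesk, a narrower option than deleting the header is to replace the removed line with a Content-Security-Policy frame-ancestors allowlist. The following is an added example, not Kayako's own code: the function name, the $trustedParents list and portal.example.com are hypothetical, and it assumes the headers are emitted at the same point where the removed line was.

```php
<?php
// Added example, not Kayako code: framingPolicyHeaders() and $trustedParents
// are hypothetical names, and portal.example.com is a constructed placeholder.

/**
 * Build framing-policy header lines for a list of parent origins.
 *
 * @param string[] $allowedParents Origins allowed to embed the helpdesk.
 * @return string[] Header lines to pass to header().
 */
function framingPolicyHeaders(array $allowedParents): array
{
    $origins = [];
    foreach ($allowedParents as $candidate) {
        $parts = parse_url(trim((string) $candidate));
        // Accept bare https origins only: scheme, host and optional port.
        if (!is_array($parts)
            || array_diff_key($parts, ['scheme' => 1, 'host' => 1, 'port' => 1])
            || strtolower($parts['scheme'] ?? '') !== 'https'
            || !preg_match('/\A[a-z0-9.-]+\z/i', $parts['host'] ?? '')) {
            continue; // skip anything that could smuggle extra CSP tokens
        }
        $origin = 'https://' . strtolower($parts['host']);
        if (isset($parts['port'])) {
            $origin .= ':' . $parts['port'];
        }
        $origins[$origin] = true; // array keys de-duplicate
    }

    if (!$origins) {
        // Nothing valid configured: keep the same-origin-only behaviour.
        return [
            'X-Frame-Options: SAMEORIGIN',
            "Content-Security-Policy: frame-ancestors 'self'",
        ];
    }
    // X-Frame-Options cannot list several origins, so only CSP is sent here.
    return [
        "Content-Security-Policy: frame-ancestors 'self' "
            . implode(' ', array_keys($origins)),
    ];
}

$trustedParents = ['https://portal.example.com'];
foreach (framingPolicyHeaders($trustedParents) as $line) {
    header($line);
}
```

With an empty or invalid list the function falls back to same-origin framing only, so a configuration mistake does not open the helpdesk to embedding by arbitrary sites.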