Overview
The product team added the 'X-Frame-Options SAMEORIGIN' HTTP header in response to a reported security vulnerability. Because of this header, browsers by default do not allow Kayako Classic to be loaded in an iFrame. You can re-enable this, but the caveat is that you might be prone to security vulnerabilities. If you wish to do so, this article provides the steps to enable the use of iFrames.
Solution
Kayako Classic Download
Since you are hosting your instance, follow the steps below to re-enable the use of iFrames.
NOTES:
- You need admin access to the server to perform the following steps.
- Make sure to back up the files below before making any changes.
- Go to your Kayako Classic installation folder.
- Navigate to the following file:
__swift/apps/base/library/UserInterface/class.SWIFT_UserInterface.php
- Remove the line
header('X-Frame-Options: SAMEORIGIN')
from the code.
- Save the file and exit.
- Navigate to the following file:
__swift/SWIFT.php
- Remove the line
header('X-Frame-Options: SAMEORIGIN')
from the code.
- Save the file and exit.
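
The steps above as a script, added here as an example and not Kayako's own tooling; the function names, the separate backup directory and the command-line arguments are assumptions. It copies each of the two files to the backup directory before editing and confirms afterwards that the header call is gone.

```shell
#!/bin/sh
# Added example: the two edits from the steps above, with backup and a check.
# Function names, BACKUP_DIR and the argument order are assumptions.

# Files named in the article, relative to the Kayako Classic installation folder.
XFO_FILES="__swift/apps/base/library/UserInterface/class.SWIFT_UserInterface.php
__swift/SWIFT.php"

# Matched as a fixed string, so indentation or a trailing ';' does not matter.
XFO_PATTERN="header('X-Frame-Options: SAMEORIGIN')"

# count_xfo FILE: print how many lines of FILE contain the header call.
count_xfo() {
    grep -cF -- "$XFO_PATTERN" "$1" || true
}

# remove_xfo ROOT BACKUP_DIR: back up each file, drop the header line, and
# return non-zero if a file is missing or the line is still there afterwards.
remove_xfo() {
    root=$1
    backup=$2
    status=0
    # Keep BACKUP_DIR outside the web root so the copied PHP source is not served.
    mkdir -p "$backup"
    for rel in $XFO_FILES; do
        file="$root/$rel"
        copy="$backup/$(basename "$rel")"
        if [ ! -f "$file" ]; then
            echo "missing: $file" >&2
            status=1
            continue
        fi
        before=$(count_xfo "$file")
        cp -p "$file" "$copy"
        # Rewrite in place from the backup; '>' keeps the file's owner and mode.
        grep -vF -- "$XFO_PATTERN" "$copy" > "$file" || true
        after=$(count_xfo "$file")
        echo "$rel: removed $((before - after)) line(s), backup: $copy"
        [ "$after" -eq 0 ] || status=1
    done
    return "$status"
}

# Run only when called as: script.sh /path/to/kayako /path/to/backups
if [ "$#" -eq 2 ]; then
    remove_xfo "$1" "$2"
fi
```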