Page History

...

Running Servoy Web Client inside a Frame or IFrame

By default, a Servoy Web Client runs in the main browser window. It , but it is possible though to run the Web Client inside a Frame/IFrame inside other embedded in another webpage.

When running a Servoy Web Client inside an Frame or IFrame (here onwards just called frame) and the domain of the page into which the frame is embedded (for example: http://www.mycompany.com/pagewithframes.html) does not equal the domain from which the Web Client is hosted (for example http://mycompany.hostingcompany.com), there is a possible issue with the ability of storing HTTP Cookies.

Based on the settings of the browser, these so-called Third Party Cookies are blocked from storage. Internet Explorer does this by default, most other browsers allow it by default, disallows the storage of Cookies from within frames if the domains of the page hosting the frame and the page inside the frame do not matchbut this can be turned off by the user.

The Servoy Web Client uses HTTP Cookies to save the position and location of dialogs and the functions application.setUserProperty(...) and application.getUserProperty(...) utilize Cookies in the Web Client. If no dialogs are used in the application and User Properties are not used, there is no issue. Also when the page hosting the frame and the page inside the frame are hosted from the same domain there is also no issue.

However, if dialogs or User Properties are used and are deemed important and the domains do not match, extra steps are required to make use that the application will function properly.

Option 1: Altering the Security level in Internet Explorer on every client machine
By default the privacy level setting of Internet Explorer is set to Medium. This setting can be found under Tools > Internet Options > Privacy tab.

When the level is set to Medium, third party cookies without a Compact Privicy Policy will be blocked. By altering the privacy level to the lowest level "Accept All Cookies" the third party cookies will get accepted. Although this works, it means that in order to be able to use the Solution properly the setting needs to be altered in the browser of all individual users. It can be that corporate IT departments restrict the user from altering this setting.

Third party cookies: these are Cookies from a different domain than the domain from the main page displayed in the browser.
Cookies without Compact Privicy Policy: These are cookies from pages that do not include a so-called P3P header in the HTTP Response

Option 2: the cookies cannot be stored, the Web client will continue to operate, but the position and sized of the dialogs and the value of user Properties will not be remembered.

The only remedy to the issue is configuring the browser to accept Third Party Cookies and this needs to be done by the user. As Internet Explorer does not allow Third Party Cookies by default, this browser is usually the one that causes Problems. Luckily, for Internet Explorer there is something that can be done by the developer of the webpage that is being displayed in the frame.

Adding a "Compact Privacy Policy" header to the Web Client pages
A Compact Privicy policy header is a specific header in the HTTP Response of a Web Client page, with a compact description of a Platform for Privacy Preferences (P3P) policy.

...

...
  <filter>
  	<filter-name>P3PHeaderFilter</filter-name>
  	<filter-class>com.servoy.extensions.server.filter.P3PHeaderFilter</filter-class>
  	<init-param>
  		<param-name>P3P-value</param-name>
  		<param-value>CP="CAO PSA OUR"</param-value>
  	</init-param>
  </filter>
  <filter-mapping>
  	<filter-name>P3PHeaderFilter</filter-name>
  	<url-pattern>/*</url-pattern>
  </filter-mapping>
...