Zendesk does not allow iframing of Zendesk due to the inherent security risks involved in iframing a web application.
The security risk, UI Redressing, or, as it's more commonly known, "clickjacking", is a class of attack that uses an iframe element on a web page that is actually overlaying another website.
As in the example described in this blog post, users can be lured into thinking that they are accessing a separate website when in fact they are allowing the hacker into a website they've already logged into (their online banking account, for example).
Zendesk prevents the iframing of Zendesk by setting an HTTP header (X-Frame-options) to SAMEORIGIN for all server responses. This policy took effect on June 30th, 2013.
16 comments
fk
Years have passed. Are there changes?
I want to embed my article from the help center to another site.
9
Operations Support
What about the ability to iframe another resource into an article? This seems necessary.
0
Brett Bowser
You should be able to embed another resource into your Help Center article using the source code editor along with some custom CSS in your Guide theme.
I've seen this done on some other Help Centers so if you have a developer team available they should be able to help get this set up.
Let me know if you have any other questions!
0
Operations Support
I found another post that implicitly answers my question. To embed content into a Zendesk article, you first need to change your settings to "allow unsafe content".
To allow unsafe HTML in HTTP responses
1. In Guide, on the sidebar, click the Settings icon.
2. Under Guide Settings > Security, click Display Unsafe Content check box.
3. Click Update.
With this checked you should be able to embed.
Link to article
0
Ivan Peters
The Content-Security-Policy HTTP response header offers a mechanism that could allow this functionality securely.
1
Tom McLellan
It seems like there are two different use cases here:
1 - Embedding Zendesk HC resources into an app / website so users can access articles/resources in context. Ideally there would be a Guide Settings > Security option where the admin can disable "X-Frame-options" header.
2 - Embedding potentially unsafe HTML: This could be better managed with a Content-Security-Policy so the account admin / developer could set some parameters on safe/unsafe resources/scripts/css/etc.
I'm working on use case #1 for an Ionic app (iOS, Android, and single page app for web) with one code base. We're not relying on Zendesk for any direct user authentication. Without the X-Frame-Options, we're looking at these workarounds for help center articles:
a) Use the zendesk API to load specific articles
b) Implement the deprecated Support SDK for iOS/Android and classic web widget for web users
c) Implement messaging SDK / web widget, but it seems to be missing some key features around JWT authentication
d) Break context and kick users out of our application into the help center site through a browser or new tab.
e) Use a different CMS for our help articles
Maybe I'm missing something and there's an easier way? I was hoping to simply show the help center in an IFrame with our existing in-app "Contact Support" button at the bottom.
Update: In case it helps anyone, we went with option (a) Zendesk's article API to list and show articles directly in our single page application since iframes are not allowed. We're also experimenting with linking over to help center pages directly in a new tab / browser.
1
Wyze Support Bot
I'm interested in running an A/B test for our Zendesk support site, the program we are using (crazyegg.com) requires the use of iframe. Can we work with a tech team to allow for temporary iframe allowance to complete this test?
1
Viktor Osetrov
Thanks a lot for your question. As we know iframe is not allowed. The reason - is due to the inherent security risks involved in iframing a web application.
However, did you try to use iframe app https://www.zendesk.com/marketplace/apps/support/1/iframe/ ?
The alternative way is to use API for updating your help center - https://developer.zendesk.com/api-reference/help_center/help-center-api/introduction/
Hope it helps
0
Operations Support
Its cool how ppl snake in with a pretty solution post after its been solved - where do i get those "Zendesk Pro" badges?
0
Dave Dyson
0
David-Alex West
We have the guide articles integrated as a repository within a third party widget on our product already. They require an iFrame compatible URL to integrate the chat functionality. Is this possible?
1
Allie Cliffe
My team is developing an online course (Intro to Data Tables in Leanpub), and we would love to embed our Zendesk support docs as iFrames instead of linking out to in the content a different tab or (worse) repeating the content in Leanpub.
Is there any way to allow iframes to reference Zendesk for specific instances (IP addresses)?
0
David-Alex West
Allie Cliffe My team has tried every variation we can think of for making this work. It will not. The function is not allowed because of a blanket security policy regarding access through iFrames. We can integrate chat but the articles that we want to have viewed within our environment will ALWAYS link out, away from our product, to an additional log in screen because our KB is gated. I don't see it changing anytime soon. This has been asked for in different ways for so long and no updates or answers are being given for paths forward. Only "no's".
0
Allie Cliffe
David-Alex West I suspected that was true, but figured it didn't hurt to put a word in with Zendesk support. I suppose it's hard to move such a big ship, even if the direction is a good one.
0
David-Alex West
Allie Cliffe I'd assume a ship this big is like steering an island. I have fingers crossed and workarounds ready, waiting for the future.
0
Viktor Kemenczei
We experience the same problem where the iframe source code doesn't display in Zendesk Guide articles. After a little research, I have found that iframe embedding actually possible, although only from authorised domains. I'm unsure how to get your domains authorised by Zendesk, but it's worth a try reaching out to them.
Source article:
https://support.zendesk.com/hc/en-us/articles/4408824584602#topic_bjj_r4x_kxb__section_t4m_rrx_kxb
See the screenshot of the section below:
0