Zendesk does not allow iframing of Zendesk due to the inherent security risks involved in iframing a web application.
The security risk, UI Redressing, or, as it's more commonly known, "clickjacking", is a class of attack that uses an iframe element on a web page that is actually overlaying another website.
As in the example described in this blog post, users can be lured into thinking that they are accessing a separate website when in fact they are allowing the hacker into a website they've already logged into (their online banking account, for example).
Zendesk prevents the iframing of Zendesk by setting an HTTP header (X-Frame-options) to SAMEORIGIN for all server responses. This policy took effect on June 30th, 2013.
5 Comments
Years have passed. Are there changes?
I want to embed my article from the help center to another site.
What about the ability to iframe another resource into an article? This seems necessary.
You should be able to embed another resource into your Help Center article using the source code editor along with some custom CSS in your Guide theme.
I've seen this done on some other Help Centers so if you have a developer team available they should be able to help get this set up.
Let me know if you have any other questions!
I found another post that implicitly answers my question. To embed content into a Zendesk article, you first need to change your settings to "allow unsafe content".
To allow unsafe HTML in HTTP responses
1. In Guide, on the sidebar, click the Settings icon.
2. Under Guide Settings > Security, click Display Unsafe Content check box.
3. Click Update.
With this checked you should be able to embed.
Link to article
The Content-Security-Policy HTTP response header offers a mechanism that could allow this functionality securely.
Please sign in to leave a comment.