Embedding Zendesk into an iframe is not allowed

Return to top

10 Comments

  • Theodor Kapman

    Years have passed. Are there changes?

    I want to embed my article from the help center to another site.

    5
  • Ivan Peters

    The Content-Security-Policy HTTP response header offers a mechanism that could allow this functionality securely.

    1
  • Brett Bowser
    Zendesk Community Manager
    Hey Operations, 
     
    You should be able to embed another resource into your Help Center article using the source code editor along with some custom CSS in your Guide theme.
     
    I've seen this done on some other Help Centers so if you have a developer team available they should be able to help get this set up.
     
    Let me know if you have any other questions!
    0
  • Operations

    What about the ability to iframe another resource into an article? This seems necessary. 

    0
  • Operations

    Its cool how ppl snake in with a pretty solution post after its been solved - where do i get those "Zendesk Pro" badges? 

    0
  • Tom McLellan

    It seems like there are two different use cases here:

    1 - Embedding Zendesk HC resources into an app / website so users can access articles/resources in context. Ideally there would be a Guide Settings > Security option where the admin can disable "X-Frame-options" header.

    2 - Embedding potentially unsafe HTML: This could be better managed with a Content-Security-Policy so the account admin / developer could set some parameters on safe/unsafe resources/scripts/css/etc.  

    I'm working on use case #1 for an Ionic app (iOS, Android, and single page app for web) with one code base. We're not relying on Zendesk for any direct user authentication. Without the X-Frame-Options, we're looking at these workarounds for help center articles: 

    a) Use the zendesk API to load specific articles  

    b) Implement the deprecated Support SDK for iOS/Android and classic web widget for web users 

    c) Implement messaging SDK / web widget, but it seems to be missing some key features around JWT authentication  

    d) Break context and kick users out of our application into the help center site through a browser or new tab. 

    e) Use a different CMS for our help articles 

    Maybe I'm missing something and there's an easier way? I was hoping to simply show the help center in an IFrame with our existing in-app "Contact Support" button at the bottom. 

    Update: In case it helps anyone, we went with option (a) Zendesk's article API to list and show articles directly in our single page application since iframes are not allowed. We're also experimenting with linking over to help center pages directly in a new tab / browser. 

    0
  • Viktor Osetrov
    Hi Paul Goldberg,

    Thanks a lot for your question. As we know iframe is not allowed. The reason - is due to the inherent security risks involved in iframing a web application.

    However, did you try to use iframe app https://www.zendesk.com/marketplace/apps/support/1/iframe/ ?
    The alternative way is to use API for updating your help center - https://developer.zendesk.com/api-reference/help_center/help-center-api/introduction/   

    Hope it helps
     
    0
  • Dave Dyson
    Zendesk Community Manager
    If you're talking about the badges like Brett or I have, then most of those mean we're Zendesk employees of one sort or another. But we do have a Community Moderators program for other folks who are interested in helping out in the Zendesk community: About the Zendesk Community Moderator Program
    0
  • Paul Goldberg

    I'm interested in running an A/B test for our Zendesk support site, the program we are using (crazyegg.com) requires the use of iframe. Can we work with a tech team to allow for temporary iframe allowance to complete this test?

    0
  • Operations

    I found another post that implicitly answers my question. To embed content into a Zendesk article, you first need to change your settings to "allow unsafe content".

    To allow unsafe HTML in HTTP responses

    1. In Guide, on the sidebar, click the Settings icon.
    2. Under Guide Settings > Security, click Display Unsafe Content check box.
    3. Click Update.

    With this checked you should be able to embed. 

    Link to article 

    0

Please sign in to leave a comment.

Powered by Zendesk