Hi ,
I’m trying to integrate a third-party widget inside a Forge Custom UI app, but running into what seems to be a platform limitation with Iframe embedding.
Widget Code We’re Trying to Embed:
<div id="amb-cnf-embedded-container-3" style="display: block;">
<iframe
src="https://embedder.upraise.io/ext/widget/home?embedType=3&widgetId=radnsdomfswi&installationId=ari:cloud:ecosystem::installation/23123-28b13-878327631db3fdsfdsfs"
class="amb-cnf-embedded-container-iframe"
style="display: block; height: 600px; width: 700px; left: 20%; top: 10%; z-index: 1;"
></iframe>
</div>
This iframe works perfectly in:
- Regular HTML pages
- Other non-Forge React apps
- But fails to load inside Forge.
Implementation Attempts in Forge
- Directly adding the iframe inside the Custom UI app:
- Not allowed by CSP.
- Shows:
Refused to frame 'https://embedder.upraise.io/' because it violates the following Content Security Policy directive: "frame-src 'self' ...". - Browser also logs:
X-Frame-Options: DENYon the URL.
- Dynamically injecting the iframe with React on button click:
- Used a toggle-able floating modal with iframe.
- Still blocked with same CSP and iframe origin errors.
- Tried alternate domains like Wikipedia for testing iframes.
- Same result: all external sources fail.
CSP & Platform Limitations Observed
From DevTools:
Refused to frame 'https://embedder.upraise.io/' because it violates the following Content Security
What Works
- Opening the widget URL in a new browser tab (
target="_blank") works fine. - This is currently the only viable workaround.
Questions
- Is there any supported way to embed third-party widgets in Forge Custom UI apps?
- Can we request whitelisting of certain
frame-srcorigins in the Forge CSP? - Are there recommended ways for third-party vendors like Upraise to integrate in Forge apps — maybe via SDK, APIs, or app bridges?