Let's follow up this discussion at the Neptune Community
(this forum will be kept in read-only mode)
We have built a Neptune app to create purchase requisitions. One of the options we have provided is to create requisitions by using punchout cataloges (exactly what SRM does) in ERP system by enabling a business function to do so.
In the Neptune app I am using an iframe to show the external punchout catalog and it works fine. Customer's requirement is to make it work with internal SAP MDM catalogues (Java based web dynpro app). This works fine in the back end but when trying to display it in the iframe using Neptune I get the following error message:
This looks like a "Clickjacking" prevention and doesn't allow me to show the catalogue in an iframe. I have seen a couple of OSS notes about white listing or switching the security option off but unfortunately they are on an old MDM 5.0 version (Java based) and that option can not be found.
Do you have any recommendations on how to get around this?
You need to allow the WebDynpro App to run in the Domain, if it is a different one.
Checkout this topic, in the end.
X-Frame-Options HTTP Header field
Also still available is the X-Frame-Options HTTP header field. This feature was introduced by Microsoft Internet Explorer 8+ and has been adopted by other browser vendors. Depending on the attribute value, the browser evaluates which hosting frames are allowed to include a certain page in a frame.
For more information see SAP Note 1781171 .
Thanks Ole-Andre. That's what I was thinking just the BASIS team was telling me that the security option is not there so I was looking for a different way but finally they sorted it.