Topic: Stealth forwarding iframe does not work properly.

[balc]

Hi,
I have a website on domain x like https://example.com. One of our customers want to use their own domain name in the address bar and redirect to our web application. In the control panel of the customers website, we can forward the site to our domain without issues (stealth forwarding). After that, we are able to see the site and navigate to some options. But there are some issues/limitations. I cannot open some links, or click on tabs. The login feature works for chrome but not for internet explorer. Is this due the jump of http to https within an iframe? Or is it related to CORS? I have a Windows 2008 R2 server with Apache, which is the frond-end for the tomcat instances. "Tomcat Apache" serves our Java-based web application (mod_jk binded)

How can i fix this issue?

Any idea is appreciated.

[balc]

After research i get the following error message:

Refused to display 'https://subdomain.domain.com' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

Any idea?

What is the best way to enable only one site to embed in iframe and deny all the other sites?

Or should i create a subdomain on my own environment like:

https://customername.domain.com

How to realize this? And what are the settings

[James Blond]

Well in the underlying page you have to set a