问题
Anyone ever had an issue when embeding a docusign signing ceremony in an iFrame?
I'm trying to test docusign embed signing by using an iFrame. But the browsers (tested on Chrome, Firefox) are refusing to render the url.
I get the embed url (which looks like https://demo.docusign.net/Signing/MTRedeem/v1/XXXXXXXXX?slt=XXX) from DocuSign and then sets this url to iFrame source on my website. But it just shows a blank page nothing comes up (instead of embeding in an iframe if I just paste the url in the url bar it renders fine). If I check the console logs in Google Chrome (on win10) I see an error Refused to display 'https://account-d.docusign.com/recipient/auth?ui_locales=en' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
<iframe src='https://demo.docusign.net/Signing/MTRedeem/v1/XXXXXXXXX?slt=XXX' height='900' width='900'>
</iframe>
If I observe the network tab the following redirects are happening:
Request URL: https://demo.docusign.net/Signing/MTRedeem/v1/XXXXXXXXX?slt=XXX
Request Method: GET
Status Code: 302 Found
Response Headers
Location: https://account-d.docusign.com/managed_token/v1/redeem/?slt=XXX
Request URL: https://account-d.docusign.com/managed_token/v1/redeem/?slt=XXX
Request Method: GET
Status Code: 302 Found
Response Headers
Location: https://demo.docusign.net/Signing/StartInSession.aspx?code=XXX
X-Frame-Options: SAMEORIGIN
Request URL: https://demo.docusign.net/Signing/StartInSession.aspx?code=XXX
Request Method: GET
Status Code: 302 Found
Response Headers
Location: https://demo.docusign.net/Signing/ActivateSecurityChecks.aspx?insession=1&ti=XXX
Request URL: https://demo.docusign.net/Signing/ActivateSecurityChecks.aspx?insession=1&ti=XXX
Request Method: GET
Status Code: 200 OK
Response Headers
Set-Cookie: BIGipDocuSign_Demo_Signing=XXX
X-DocuSign-Node: XXX
Request URL: https://account-d.docusign.com/recipient/auth?ui_locales=en
Request Method: GET
Status Code: 200 OK
Response Headers
X-Frame-Options: SAMEORIGIN
X-DocuSign-TraceToken: XXX
X-DocuSign-Node: XXX
Note: I followed this sample from docusign's official examples.
EDIT RecipientViewRequest:
{
"AssertionId":"logging in event id",
"AuthenticationInstant":"1\/29\/2020 11:09:26 AM",
"AuthenticationMethod":"password",
"ClientUserId":"logged in user id",
"Email":"my-email@mydomain.com",
"ReturnUrl":"https:\/\/subdomain.mydomain.com\/recieve",
"UserName":"signerFirst lastName",
"XFrameOptions":"allow_from",
"XFrameOptionsAllowFromUrl":"https:\/\/subdomain.mydomain.com"
}
EDIT 2
If I recall, the embeding method had worked for me in the past while testing.
This behavior of refusing to render in iFrame has started fairly recently. Maybe they have changed on their end during last month.
回答1:
In general, iframes are discouraged due to compatibility and difficulty in troubleshooting. The recommendation is to instead redirect the user to the URL and then catch the returnUrl redirect upon completing.
That said, there are two relevant parameters in the Envelopes::CreateRecipientView call
"xFrameOptions": "allow_from",
"xFrameOptionsAllowFromUrl": "https://example.com"
where the xFrameOptions parameter should be "allow_from" to enable this functionality, and AllowFromUrl should be the domain of your site.
来源:https://stackoverflow.com/questions/59970661/docusign-embed-url-not-rendering-in-iframe