SharePoint and OneDrive public links (anyone can view) are not allowed to be iframed in a third-party app by design with XFRAME_OPTIONS = Same origin policy.
I am wondering if there is a way to white-list the domain by customer so that the customer's OneDrive files can be shown in an iframe in that domain.
Example: customer.saas_vendor.com logs in employees in that customer tenant via SSO (Azure AD as IdP).
Now, the customer wants to pick OneDrive files and display them in an iframe in the saas_vendor app.
CORS does not allow it. But can a "OneDrive for saas_vendor" app (similar to "OneDrive for Slack") be created where OneDrive files can be displayed in an iframe in customer.saas_vendor.com? OneDrive for Slack only allows the preview of the file; clicking on it opens it in a new tab.
Hoping to get a simple answer :-)
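
Added example (not part of the original post and not Microsoft's code): a simplified JavaScript model of how a browser decides, from `X-Frame-Options` and the CSP `frame-ancestors` directive, whether a response may render in an iframe on another origin. The origins and header values are constructed samples; ports, paths and nested frames are not modelled.

```javascript
// Simplified framing check for one level of nesting (embedder is the top-level page).
// A scheme-less host source is assumed to inherit the resource's scheme.
function sourceMatches(source, embedder, self) {
  const src = source.toLowerCase();
  if (src === "'self'") return embedder.origin === self.origin;
  if (src === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return embedder.protocol === src; // scheme source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9._-]+)$/.exec(src);
  if (!m) return false; // 'none', ports and paths are not matched: fail closed
  const [, scheme, wildcard, host] = m;
  if (embedder.protocol !== (scheme ? scheme + ":" : self.protocol)) return false;
  // "*.example.com" covers subdomains only, not the bare domain.
  return wildcard ? embedder.hostname.endsWith("." + host) : embedder.hostname === host;
}

function canFrame(headers, embedderUrl, resourceUrl) {
  const embedder = new URL(embedderUrl), self = new URL(resourceUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const directive = (h["content-security-policy"] || "").split(";")
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    // When frame-ancestors is present, X-Frame-Options is not consulted.
    const allowed = directive.slice(1).some(s => sourceMatches(s, embedder, self));
    return { allowed, decidedBy: "frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN")
    return { allowed: embedder.origin === self.origin, decidedBy: "x-frame-options" };
  // Header absent or unrecognised (for example the obsolete ALLOW-FROM).
  return { allowed: true, decidedBy: "none" };
}

// Constructed sample: a file-share response viewed from a third-party app.
const EMBEDDER = "https://customer.saas-vendor.example/app";
const RESOURCE = "https://files.tenant.example/share/abc";
console.log(canFrame({ "X-Frame-Options": "SAMEORIGIN" }, EMBEDDER, RESOURCE));
console.log(canFrame({
  "X-Frame-Options": "SAMEORIGIN",
  "Content-Security-Policy": "frame-ancestors 'self' https://*.saas-vendor.example",
}, EMBEDDER, RESOURCE));
```

Running the same check against the real response headers of a sharing link (for example from `curl -I`) shows which of the two mechanisms is blocking the iframe.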