Oracle Process Cloud Workspace is a web application that a user uses to interact with human activities in BPMN processes. It is a stand-alone web application in Oracle Integration Cloud Service (OICS). In some use cases, customers want to embed the Workspace application in an iframe of their own web page. Out of box, this is not possible because all HTTP responses from the Workspace have an X-Frame-Options header set to "sameorigin". It does not allow browsers to embed response data into an iframe from a different domain.
This post demonstrates a work-around solution to this problem by using a proxy server. The idea is to use a proxy server (OHS or Apache) to remove or modify the X-Frame-Options header from all responses from the Workspace.
My demo environment, shown in the image below, includes an OHS server installed on localhost:7777. I have my OICS instance running on a VM. I have a simple test web page with an iframe installed on the OHS.
Let's verify the problem exists first. The following two screen shots show the Workspace accessed directly without the proxy.
Now we create a simple web page "myworkspace.html" on our OHS instance. The page contains an iframe that points directly to the Workspace.
When accessed from my Chrome browser, the page shows a frame with blank content. This is because the Workspace content is blocked by the browser.
Note, some times I need to clear my browser cache in order for the problem to show up.
Now that we verified the problem, our solution involves configuring OHS as a proxy for all requests to the Workspace. The following is a set of configurations I used in my mod_wl_ohs.conf.
Basically I set up my OHS to proxy all requests with a URL path starts with /ic to my Workspace. The "Header" instruction tells the proxy to remove the X-Frame-Options header from response data.
In addition to configurations in OHS, we must also change the Frontend Host and Port configurations so that the host name and port from the Workspace point to our OHS server: localhost:7777 in my case. But in production, make sure a real domain name is used for the OHS. The following screen shots show you where to make these changes.
Restart ics_server1 after saving the change.
Finally, we need to change our iframe source to access the Workspace via the proxy:
Now access the page again and we should see the Workspace pages displayed inside the iframe like the following screen shots.
Final note, you can still directly access the Workspace application but you have to access it via the proxy.