Zimbra does not work into an iframe

[claudio]

Hi there,
I've always used zimbra inside an iframe on my page, but since I've get the new version of zimbra no content appear into the iframe, just a blank page.
Is this due to security policies? Any solutions?
Thanks a lot

[phoenix]

Hi there,
I've always used zimbra inside an iframe on my page, but since I've get the new version of zimbra no content appear into the iframe, just a blank page.
Is this due to security policies? Any solutions?
Thanks a lot

You've posted this in the Zimbra Desktop forum, is that what your question is about?

[claudio]

You've posted this in the Zimbra Desktop foru, is that what your question is about?

Sorry phoenix, I've posted in General Questions sections without see that it refers just to Zimbra Desktop...
I'm using zimbra webmail...

[fang0654]

We've also seen this behavior in 8.0. Before, we used iframe's to open the SSL links to the webmail, but it just gives a blank screen now.

[Crayz9000]

I'm really not sure why you would want to propagate such a terrible practice. Iframes have been deprecated for years, and mixing HTTP and HTTPS content on a single page is never recommended for any web developer. Modern web browsers such as Safari, Chrome, Firefox and IE9 will also throw a hissy fit if they detect mixed content.

If you want Zimbra to just redirect from http:// to https:// automatically, look here: CLI zmtlsctl to set Web Server Mode - Zimbra :: Wiki

[fang0654]

I'm really not sure why you would want to propagate such a terrible practice. Iframes have been deprecated for years, and mixing HTTP and HTTPS content on a single page is never recommended for any web developer. Modern web browsers such as Safari, Chrome, Firefox and IE9 will also throw a hissy fit if they detect mixed content.

If you want Zimbra to just redirect from http:// to https:// automatically, look here: CLI zmtlsctl to set Web Server Mode - Zimbra :: Wiki

It isn't for redirecting, but more for handling multiple domains, while still being able to handle SSL.

We host about 150 domains on our server, and some of our clients want to be able to access e-mail using their own domain. Granted, we can set up a proxy and start hosting multiple SSL certs, but that gets cumbersome, (and expensive) pretty quickly. Using iFrames, we have had 0 issues in the past, including with all of the major browsers.

As an example, look at:

EnTechServ Webmail

That is an iFrame, which points to https://zimbra.metstaff.com, which works without issue (we are holding off on upgrading this system until we get this fixed).

I opened up a bug report, https://bugzilla.zimbra.com/show_bug.cgi?id=78358. It was a new security option added to 8.0. I'm trying to see if I can compile my own copy without it now.