Symptoms
When you try to open the Appinv.aspx page in an iframe, the page isn't successfully displayed. When this issue occurs, the request response headers include an "X-FRAME-OPTIONS: DENY" message.
Cause
To help maintain security, the Appinv.aspx page is prevented from being displayed in an iframe.
Resolution
To fix this issue, install one of the following updates:
-
Description of the security update for SharePoint Server 2019: September 14, 2021 (KB5002018)
-
Description of the security update for SharePoint Foundation 2013: September 14, 2021 (KB5002024)
To display the Appinv.aspx page in an iframe in trusted domains, the farm administrator can add the trusted domains to the AllowIframeAppAuthorizePageDomains list in the farm by running the following commands:
add-pssnapin *
$f=get-spfarm
$f.AddGenericAllowedListValue("AllowIframeAppAuthorizePageDomains","<enable domain name>")
$f.update()
Notes
-
You can add one trusted domain to the AllowIframeAppAuthorizePageDomains list by using the commands every time. Additionally, you can add a wildcard domain, such as *.contoso.com, to AllowIframeAppAuthorizePageDomains.
-
If you receive the following error message, use AllowIframeAppAuthorizePageDomains2 instead of AllowIframeAppAuthorizePageDomains when you call the AddGenericAllowedListValue method:
“AllowIframeAppAuthorizePageDomains" already exists under the parent Microsoft.SharePoint.Administration.SPFarm named…
Additionally, make sure that you have the Microsoft SharePoint Server March 2022 updates installed.
Change history
The following table summarizes some of the most important changes to this topic.
|
Date |
Description |
|---|---|
|
March 8, 2022 |
Added a note to the "Resolution" section to provide a fix if the AllowIframeAppAuthorizePageDomains setting cannot be applied. |
