You are currently reviewing an older revision of this page.
When embedding content into a web content field, it fails to render in one of two ways.
Blank web content fields are typically caused by the host server using response headers that explicitly restrict where content can be embedded. Typically, embedding restrictions are controlled by sending an X-Frame-Options header in the HTTP response from a web page. This can be set to either DENY to disallow embedding globally, SAMEORIGIN to allow embedding only within the same origin or an explicit domain to establish domains where content can be embedded. A blank page or a page with an error message can also arise if the site you are attempting to embed is unavailable, either due to being down or hidden from the public internet by IP whitelisting or VPN.
X-Frame-Options
DENY
SAMEORIGIN
The pink box error is caused by attempting to embed insecure content served over HTTP rather than HTTPS. Appian recommends all Appian instances accessible over the Internet are secured with HTTPS. In order to minimize vulnerabilities arising from embedding insecure content in a secure Appian environment and to prevent browser errors arising from mixed content, Appian explicitly prevents designers from embedding insecure content.
If a web content field shows up as blank, check that:
Content that uses a restrictive X-Frame-Options header cannot be embedded without changing the web server configurations of the source server. Please contact the owner of the source server to determine if this can be changed to allow your Appian instance to embed it.
If a web content field errors out with the HTTP error, the source must be configured to use HTTPS.
This article applies to Appian 18.1 and later.
Last reviewed: May 2018