Embed a web page in your app.

Content security

In order for an embedded web page to load in the Iframe component, you need to add the origin to Frame Targets under Content security within a given environment configuration. The origin consists of the URL scheme (http:// or https://) and full domain of the hosting page. For example, to embed a video from YouTube you would specify https://www.youtube.com as the value.


Enable Sandbox

Apply restrictions to what the content in the iframe can do. If you select this checkbox, a list of restrictions will be revealed (see list below). To lift a particular restriction, you must select the appropriate checkbox. If you do not lift any restrictions, all restrictions will apply.

The following restrictions can be configured. For information about how each of these restrictions work, see the <iframe> documentation on MDN.

  • Allow top navigation

  • Allow top navigation by user action

  • Allow forms

  • Allow scripts

  • Allow same origin

  • Allow popups

  • Allow pointer lock


The source URL of the web page to embed. See Content security.

Last updated