Hey, see_felix,
iframes lead to vulnerabilities and can be abused, for example by clickjacking. Therefore, we decided to forbid all iframes on cloud.seatable.io. We made this decision to improve the security of SeaTable Cloud and to protect our customers. All URLs of cloud.seatable.io will have the header “X-Frame-Options: SAMEORIGIN”.
The only exceptions to that rule are the following three pages:
- /dtable/view-external-links/
- /dtable/external-links/
- /dtable/external-apps/
These are the URL or all shareable thinks (bases, views and external apps) in SeaTable. These can still be embedded into other websites. These links are all read-only; therefore there is no risk of clickjacking.
Your posted invite-link will still work, but it will not work inside an iframe.
Best regards,
Christoph
