# Liberação de acesso Embedded no Mattermost

Link: [https://developers.mattermost.com/integrate/customization/embedding/](https://developers.mattermost.com/integrate/customization/embedding/)  
[https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233](https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233)

<div class="container posts" id="bkmrk-%C2%A0aug-2020" style="text-align: justify;"><div class="with-timeline ember-view topic-navigation" id="bkmrk-%C2%A0aug-2020-1"><div class="timeline-container timeline-docked"><div class="topic-timeline"><div class="timeline-scrollarea-wrapper"></div></div></div></div></div><div class="row" id="bkmrk--1" style="text-align: justify;"><section class="topic-area" data-topic-id="10233" id="bkmrk--2"><div class="posts-wrapper"><div class="ember-view" id="bkmrk--3"><div class="post-stream widget-post-stream"><div class="topic-post clearfix sticky-avatar topic-owner regular" data-post-number="1"><article aria-label="post #1 by @justinegeffen" class="boxed onscreen-post" data-post-id="23429" data-topic-id="10233" data-user-id="4040" id="bkmrk--4" role="region"><div class="row"><div class="topic-body clearfix"><div aria-level="2" class="topic-meta-data" role="heading"><div class="post-infos">**Arquivo docker-compose.yml:**  
  
- MM_SERVICESETTINGS_ALLOWIFRAMEEMBEDDING=true  
- MM_INTEGRATIONSETTINGS_FRAMEANCESTORS="https://nextcloud1.siteinternet.com.br https://mattermost1.siteinternet.com.br"  
  
</div></div></div></div>#### [Recipe: Embedding Mattermost in web applications using an iframe \[unsupported recipe\] ](https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233)

<div class="row"><div class="topic-body clearfix"><div aria-level="2" class="topic-meta-data" role="heading"><div class="post-infos"><div class="container posts" id="bkmrk-%C2%A0aug-2020-2" style="text-align: justify;"><div class="with-timeline ember-view topic-navigation" id="bkmrk-%C2%A0aug-2020-3"><div class="topic-navigation-outlet no-answer ember-view" id="bkmrk-"></div><div class="timeline-container timeline-docked"><div class="topic-timeline"><div class="timeline-scrollarea-wrapper"><div class="timeline-date-wrapper">[ Aug 2020](https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233/1 "Jump to the first post")</div></div></div></div></div></div>  
A request that’s come up from time to time is how to embed Mattermost in web applications using an iframe.</div></div></div></div></article></div></div></div></div></section></div>Any web application embedded into another using an iframe is at risk of security exploits, since the outer application intercepts all user input into the embedded application, an exploit known as [Click-Jacking](https://en.wikipedia.org/wiki/Clickjacking). By default, Mattermost disables embedding.

**If you choose to embed Mattermost using the following instructions we highly recommend it is done only on a private network that you control.**

##### **To embed Mattermost in an iframe update your [NGINX configuration](https://docs.mattermost.com/install/install-ubuntu-1804.html#configuring-nginx-as-a-proxy-for-mattermost-server) to strip out the security policy settings in the HTTP header.**

##### **Replace all occurrences of the following line in your proxy config:**

##### **`proxy_set_header X-Frame-Options SAMEORIGIN`**

##### **Configuração no NGINX PROXY MANAGER no modo Advanced:**

##### **With the following two lines:** 

##### <span style="color: rgb(241, 196, 15);">**`proxy_hide_header    Content-Security-Policy;`**</span>  
<span style="color: rgb(241, 196, 15);">**`proxy_hide_header    X-Frame-Options;`**</span>

##### **You can view related forum posts [here](https://forum.mattermost.com/t/how-can-we-load-mattermost-in-iframe/165/15).**

<div class="regular contents" id="bkmrk--5" style="text-align: justify;"></div><div class="topic-post clearfix sticky-avatar regular" data-post-number="2" id="bkmrk-these-directives-wou" style="text-align: justify;"><article aria-label="post #2 by @dietrich" class="boxed onscreen-post" data-post-id="23532" data-topic-id="10233" data-user-id="5438" id="bkmrk-these-directives-wou-1" role="region"><div class="row"><div class="topic-body clearfix"><div aria-level="2" class="topic-meta-data" role="heading"><div class="post-infos"><div class="read-state read" title="Post is unread"><svg aria-hidden="true" class="fa d-icon d-icon-circle svg-icon svg-node"></svg></div></div></div></div></div>These directives would allow embedding only from the specific origin `https://domain.tld` and should be much safer:

<div class="row"><div class="topic-body clearfix"><div class="regular contents"><div class="cooked"><div class="codeblock-button-wrapper">  
</div></div></div></div></div></article></div>```
proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "frame-ancestors 'self' https://domain.tld; script-src 'self' cdn.rudderlabs.com cdn.segment.com/analytics.js/";

```

I’m not a security expert but I guess this should be safe for production as well.

<div class="cooked" id="bkmrk--6" style="text-align: justify;"></div><section class="post-menu-area clearfix" id="bkmrk--7"></section><div class="regular contents" id="bkmrk--8" style="text-align: justify;"><section class="post-menu-area clearfix"></section>  
</div><div class="time-gap" id="bkmrk-4-years-later" style="text-align: justify;"><div class="time-gap small-action"><div class="small-action-desc timegap">4 years later</div></div></div><div class="topic-post clearfix sticky-avatar regular" data-post-number="3" id="bkmrk-john-combsmoderator-" style="text-align: justify;"><article aria-label="post #3 by @john.combs" class="boxed onscreen-post" data-post-id="46927" data-topic-id="10233" data-user-id="7657" id="bkmrk-john-combsmoderator--1" role="region"><div class="row"><div class="topic-avatar"><div class="post-avatar">[![](https://sea2.discourse-cdn.com/flex020/user_avatar/forum.mattermost.com/john.combs/48/7118_2.png)](https://forum.mattermost.com/u/john.combs)</div></div><div class="topic-body clearfix"><div aria-level="2" class="topic-meta-data" role="heading"><div class="names trigger-user-card"><span class="first full-name staff admin">[John Combs](https://forum.mattermost.com/u/john.combs)</span><span class="user-title user-title--moderator">Moderator</span></div><div class="post-infos"><div class="post-info post-date">[<span class="relative-date" data-format="tiny" data-time="1739222313012" title="Feb 10, 2025 6:18 pm">Feb 10</span>](https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233/3 "Post date")</div><div class="read-state read" title="Post is unread"><svg aria-hidden="true" class="fa d-icon d-icon-circle svg-icon svg-node"></svg></div></div></div><div class="regular contents">  
</div></div></div>Heya [@justinegeffen](https://forum.mattermost.com/u/justinegeffen)! Just wanted to say thanks for the awesome recipe here. Have any new recipes you’d like to share for 2025? Create a thread in the new [“Recipes” topic](https://forum.mattermost.com/c/recipes/43) to let us know!

<div class="row"><div class="topic-body clearfix"><div class="regular contents"><div class="cooked">  
</div><section class="post-menu-area clearfix"></section></div></div></div></article></div><div class="regular contents" id="bkmrk--9" style="text-align: justify;"><section class="post-menu-area clearfix"></section>  
</div>### Hello! Looks like you’re enjoying the discussion, but you haven’t signed up for an account yet.

Tired of scrolling through the same posts? When you create an account you’ll always come back to where you left off. With an account you can also be notified of new replies, save bookmarks, and use likes to thank others. We can all work together to make this community great. ![heart](https://emoji.discourse-cdn.com/twitter/heart.png?v=14 "heart")

<div class="ember-view" id="bkmrk-no-thanks" style="text-align: justify;"><div class="signup-cta alert alert-info"><div class="buttons">[no thanks](https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233)</div></div></div>### <svg aria-hidden="true" class="fa d-icon d-icon-discourse-sparkles svg-icon svg-string" xmlns="http://www.w3.org/2000/svg"></svg>Related topics

<div class="more-topics__container" id="bkmrk-topic-list%2C-column-h"><div class="more-topics__lists single-list"><div aria-labelledby="related-topics-title" class="more-topics__list" id="bkmrk-topic-list%2C-column-h-1" role="complementary"><div class="topics"><div class="ember-view" id="bkmrk-topic-list%2C-column-h-2"><div class="loading-container"><table aria-labelledby="topic-list-heading" class="topic-list" style="width: 105.118%;"><caption class="sr-only">Topic list, column headers with buttons are sortable.</caption><thead class="topic-list-header"><tr><th class="topic-list-data default" data-sort-order="default" scope="col" style="width: 88.9154%;">Topic</th><th class="topic-list-data posts num" data-sort-order="posts" scope="col" style="width: 5.12515%;">Replies</th><th class="topic-list-data activity num" data-sort-order="activity" scope="col" style="width: 5.95948%;">Activity</th></tr></thead><tbody class="topic-list-body"><tr class="topic-list-item category-trouble-shoot has-excerpt excerpt-expanded" data-topic-id="165" style="text-align: justify;"><td class="main-link topic-list-data" colspan="1" style="width: 88.9154%;"><span aria-level="2" class="link-top-line" role="heading"> [How can we load Mattermost in iframe?](https://forum.mattermost.com/t/how-can-we-load-mattermost-in-iframe/165) </span><div class="link-bottom-line">[<span class="badge-category --style-square" data-category-id="16" data-drop-close="true" title="For all technical questions &amp; discussions"><span class="badge-category__name">Troubleshooting</span></span>](https://forum.mattermost.com/c/trouble-shoot/16)</div>[ How can we load the mattermost in Iframe. We have to Inbuilt the mattermost in to our application. Is there any settings we have to enable? ](https://forum.mattermost.com/t/how-can-we-load-mattermost-in-iframe/165)</td><td class="num posts-map posts  topic-list-data" style="width: 5.12515%;">[ <span class="number">13</span> ](https://forum.mattermost.com/t/how-can-we-load-mattermost-in-iframe/165/1)</td><td class="activity num topic-list-data age coldmap-high" style="width: 5.95948%;" title="Created: Sep 1, 2015 8:55 am
Latest: Apr 5, 2020 6:04 am">[<span class="relative-date" data-format="tiny" data-time="1586077449164">Apr 2020</span>](https://forum.mattermost.com/t/how-can-we-load-mattermost-in-iframe/165/15)</td></tr><tr class="topic-list-item category-trouble-shoot has-excerpt excerpt-expanded" data-topic-id="773" style="text-align: justify;"><td class="main-link topic-list-data" colspan="1" style="width: 88.9154%;"><span aria-level="2" class="link-top-line" role="heading"> [How to embed mattermost webpage to my webpage?](https://forum.mattermost.com/t/how-to-embed-mattermost-webpage-to-my-webpage/773) </span><div class="link-bottom-line">[<span class="badge-category --style-square" data-category-id="16" data-drop-close="true" title="For all technical questions &amp; discussions"><span class="badge-category__name">Troubleshooting</span></span>](https://forum.mattermost.com/c/trouble-shoot/16)</div>[ i want to directoryly embed mattermost webpage to my homepage, I not need write mattermost’UI? ](https://forum.mattermost.com/t/how-to-embed-mattermost-webpage-to-my-webpage/773)</td><td class="num posts-map posts  topic-list-data" style="width: 5.12515%;">[ <span class="number">1</span> ](https://forum.mattermost.com/t/how-to-embed-mattermost-webpage-to-my-webpage/773/1)</td><td class="activity num topic-list-data age" style="width: 5.95948%;" title="Created: Jan 18, 2016 1:31 am
Latest: Jan 19, 2016 1:57 pm">[<span class="relative-date" data-format="tiny" data-time="1453219060680">Jan 2016</span>](https://forum.mattermost.com/t/how-to-embed-mattermost-webpage-to-my-webpage/773/2)</td></tr><tr class="topic-list-item category-trouble-shoot has-excerpt excerpt-expanded" data-topic-id="5236" style="text-align: justify;"><td class="main-link topic-list-data" colspan="1" style="width: 88.9154%;"><span aria-level="2" class="link-top-line" role="heading"> [Auto-login for embedded chat integration](https://forum.mattermost.com/t/auto-login-for-embedded-chat-integration/5236) </span><div class="link-bottom-line">[<span class="badge-category --style-square" data-category-id="16" data-drop-close="true" title="For all technical questions &amp; discussions"><span class="badge-category__name">Troubleshooting</span></span>](https://forum.mattermost.com/c/trouble-shoot/16)</div>[ I’m trying to embed Mattermost into my web app. Assuming that my app users use the same credentials as mattermost users, I’d like to open a window (or iframe) with Mattermost and user already logged in. How to do this (p… <span class="topic-excerpt-more">read more</span> ](https://forum.mattermost.com/t/auto-login-for-embedded-chat-integration/5236)</td><td class="num posts-map posts  topic-list-data" style="width: 5.12515%;">[ <span class="number">5</span> ](https://forum.mattermost.com/t/auto-login-for-embedded-chat-integration/5236/1)</td><td class="activity num topic-list-data age coldmap-low" style="width: 5.95948%;" title="Created: Jun 28, 2018 8:30 am
Latest: Jul 13, 2018 9:28 pm">[<span class="relative-date" data-format="tiny" data-time="1531528087256">Jul 2018</span>](https://forum.mattermost.com/t/auto-login-for-embedded-chat-integration/5236/6)</td></tr><tr class="topic-list-item category-trouble-shoot has-excerpt excerpt-expanded" data-topic-id="2017" style="text-align: justify;"><td class="main-link topic-list-data" colspan="1" style="width: 88.9154%;"><span aria-level="2" class="link-top-line" role="heading"> [Is it possible to integrate Mattermost in existing web application?](https://forum.mattermost.com/t/is-it-possible-to-integrate-mattermost-in-existing-web-application/2017) </span><div class="link-bottom-line">[<span class="badge-category --style-square" data-category-id="16" data-drop-close="true" title="For all technical questions &amp; discussions"><span class="badge-category__name">Troubleshooting</span></span>](https://forum.mattermost.com/c/trouble-shoot/16)</div>[ We are developing web application and seeking a solution for Chat functionality. We want to include the chat or instant message functionality in our web application. Will it be possible that Mattermost can be integrated … <span class="topic-excerpt-more">read more</span> ](https://forum.mattermost.com/t/is-it-possible-to-integrate-mattermost-in-existing-web-application/2017)</td><td class="num posts-map posts  topic-list-data" style="width: 5.12515%;">[ <span class="number">8</span> ](https://forum.mattermost.com/t/is-it-possible-to-integrate-mattermost-in-existing-web-application/2017/1)</td><td class="activity num topic-list-data age coldmap-low" style="width: 5.95948%;" title="Created: Aug 4, 2016 1:49 pm
Latest: Oct 17, 2016 8:41 pm">[<span class="relative-date" data-format="tiny" data-time="1476744103902">Oct 2016</span>](https://forum.mattermost.com/t/is-it-possible-to-integrate-mattermost-in-existing-web-application/2017/9)</td></tr><tr class="topic-list-item category-trouble-shoot has-excerpt excerpt-expanded" data-topic-id="678"><td class="main-link topic-list-data" colspan="1" style="text-align: justify; width: 88.9154%;"><span aria-level="2" class="link-top-line" role="heading"> [Mattermost integration within parent application](https://forum.mattermost.com/t/mattermost-integration-within-parent-application/678) </span><div class="link-bottom-line">[<span class="badge-category --style-square" data-category-id="16" data-drop-close="true" title="For all technical questions &amp; discussions"><span class="badge-category__name">Troubleshooting</span></span>](https://forum.mattermost.com/c/trouble-shoot/16)</div>[ Good afternoon. We would integrate Mattermost to our application using an iFrame, I would like to access the “contenWindow” of that iFrame, so I can interact with Mattermost “window” object directly from my application.… <span class="topic-excerpt-more">read more</span> ](https://forum.mattermost.com/t/mattermost-integration-within-parent-application/678)</td><td class="num posts-map posts  topic-list-data" style="text-align: justify; width: 5.12515%;">[ <span class="number">3</span> ](https://forum.mattermost.com/t/mattermost-integration-within-parent-application/678/1)</td><td class="activity num topic-list-data age coldmap-high" style="text-align: justify; width: 5.95948%;" title="Created: Dec 22, 2015 4:34 pm
Latest: Jan 11, 2017 2:55 pm">[<span class="relative-date" data-format="tiny" data-time="1484153738177">Jan 2017</span>](https://forum.mattermost.com/t/mattermost-integration-within-parent-application/678/4)</td></tr></tbody></table>

</div></div></div></div></div></div>