
I'm using Office Web Apps Viewer to display the contents of files that are in a folder protected by htaccess. But when the iframe is loaded it shows the content of my 403 Forbidden error page instead of the content of the chosen file.

I've used the browser's network monitor tool to see the requests when loading the iframe and I have added all the domains and subdomains that were showing up, but it keeps showing my 403 Forbidden error page.

The iframe code is as follows:

<iframe src="https://view.officeapps.live.com/op/embed.aspx?src=https://www.example.com/path/to/files/file.docx"></iframe>

The htaccess code is:

Order Deny,Allow
Deny from all
Allow from google.com

Allow from view.officeapps.live.com
Allow from pnl1-word-view.officeapps.live.com
Allow from browser.events.data.microsoft.com
Allow from pie1-word-view.officeapps.live.com
Allow from c1-word-view-15.cdn.office.net
Allow from js.live.net

If I remove the line "Deny from all", the iframe displays the file correctly.

The only question I've found about the same problem is this: "Allow Office viewer in my htaccess", and it is not answered...

Kirito
  • Just because the embedding script/page was loaded from `view.officeapps.live.com`, does not mean the PDF you specified was loaded "by" a machine under that hostname as well. – CBroe Nov 22 '21 at 14:33
  • @CBroe is there a way to find out where that call is made from to add it to htaccess? – Kirito Nov 22 '21 at 15:08
  • Check your server log files, you should find those requests that got blocked in there. There is probably quite a chance though, that you will only see IP addresses there; and those requests will likely not be coming from one single, static IP address either, it might change over time. – CBroe Nov 22 '21 at 15:10

0 Answers
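The log check suggested in the comments, as an added example (not code from the question or its comments): it groups the 403 responses for the protected folder by client IP, with the user agents and paths seen for each. The log lines, IP addresses and the `ExampleViewerFetcher/1.0` user agent are constructed, and the Apache "combined" log format is assumed.

```python
import re
from collections import defaultdict

# Apache "combined" LogFormat (assumed):
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines; addresses are from documentation ranges and the
# "ExampleViewerFetcher/1.0" user agent is a placeholder, not a real client string.
SAMPLE_LOG = """\
203.0.113.10 - - [22/Nov/2021:14:20:01 +0000] "GET /path/to/files/file.docx HTTP/1.1" 403 199 "-" "ExampleViewerFetcher/1.0"
203.0.113.27 - - [22/Nov/2021:14:20:02 +0000] "GET /path/to/files/file.docx HTTP/1.1" 403 199 "-" "ExampleViewerFetcher/1.0"
198.51.100.5 - - [22/Nov/2021:14:20:05 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Nov/2021:14:25:40 +0000] "GET /path/to/files/file.docx HTTP/1.1" 403 199 "-" "ExampleViewerFetcher/1.0"
198.51.100.5 - - [22/Nov/2021:14:26:00 +0000] "GET /path/to/files/other.docx HTTP/1.1" 403 199 "https://www.example.com/" "Mozilla/5.0"
"""


def blocked_clients(log_text, prefix="/path/to/files/"):
    """Group 403 responses for paths under `prefix` by client IP."""
    clients = defaultdict(lambda: {"count": 0, "agents": set(), "paths": set()})
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        # Skip unparseable lines, non-403 responses and paths outside the folder.
        if not m or m["status"] != "403" or not m["path"].startswith(prefix):
            continue
        entry = clients[m["ip"]]
        entry["count"] += 1
        entry["agents"].add(m["agent"])
        entry["paths"].add(m["path"])
    return dict(clients)


if __name__ == "__main__":
    # Most frequently blocked clients first.
    ranked = sorted(blocked_clients(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for ip, info in ranked:
        print(f"{ip:15} {info['count']:3}  {sorted(info['agents'])}  {sorted(info['paths'])}")
```

Several addresses sharing one user agent for the same file, as in the constructed sample, is the changing-source-address pattern the last comment describes.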