Wednesday, April 17, 2013

How to enable page previews in SharePoint 2013 for content not on the Search Center host domain

The solution

  • Edit Item_WebPage_HoverPanel.html
  • Add <WebPartPages:AllowFraming runat="server" /> to your master page
Beware: This solution opens up for click-jacking, but should not be a real threat on a intranet scenario.

The journey

Ok, you start off your new SharePoint 2013 and try to be smart regarding web applications, site collections and domain names.
The full 2013 solution has one intranet and collaboration part and one part for a QMS system. Early on you agree to use the following domain structure which should make sense to the end-user.
Everyone is happy and after a month or so the issue of search comes up. To align with the existing structure you go with:

You kick off a full crawl, and start looking at the results, in particular you want those cool new previews.
No preview :(

image

Ok… don’t give up. This should be easy enough to fix. You locate Item_WebPage_HoverPanel.html and find the following line

if(!Srch.U.w(ctx.CurrentItem.csr_Path) && Srch.U.isSameHost(ctx.CurrentItem.csr_Path, Srch.U.getHostName())) {

What this does is to check if the item you are viewing is on the same domain as the search page. Of course not! We just decided to use domain names as content separators in the beginning. Ok… hmmmm.. let’s just replace the line with

if(true)

Back to the search page and reload to refresh the display template.

image

The text is pretty small, but it says: “This content cannot be displayed in a frame”. Now you start to get frustrated and fire up some internet searches. You stumble upon “IFraming SharePoint-hosted pages in apps” and find out that SharePoint 2013 adds X-Frame-Options HTTP headers to deny ClickJacking.

But, there is fortunately a fix. By adding the following control to your pages it will not send out the X-Frame-Options header.

<webpartpages:allowframing runat="server" />

As we have custom master pages all around we added the control just below the Register directives in our master pages.

Again back to the search page and reload with a working result!

image

18 comments:

  1. Be advised: this may open up your SharePoint pages to clickjacking; the X-Frame-Options header is there to prevent this. Removing it from your SharePoint pages enables iFraming on all domains. You should only add the allowframing webpart on pages that are not vulnerable to clickjacking.

    ReplyDelete
    Replies
    1. Hi,
      That is true, but for an intranet I'm not too worried about clickjacking.

      I added a disclaimer on top of the article to point it out for those not reading the full post and links.

      Delete
  2. Hi, I've just tried this but can't seem to get it to work. I have a few questions. You mention to edit Item_WebPage_HoverPanel.html. The only file I could find is a .js filie under site Settings > Master Pages > Display Templates > Search > Item_WebPage_HoverPanel.js. Is this what you were referring to?

    I've added the entry to my default.master page in the Master Page Gallery. I tested the search after this but nothing different happens. I still only shows the default preview.

    Also, I use the Link Library with website URL as items. Would this work with your solution or is your solution only for Document Libraries with Web Page items in it?

    Your help would be much appreciated.

    ReplyDelete
    Replies
    1. Hi,
      Is this on-prem or 365? Either way, you can edit the .js file as well. SharePoint has an event receiver which triggers on the update of .html display templates and converts them to .js files.

      The post was written for publishing pages, but you can make it work for wiki pages as well. I'm sure you can make it work for link libraries as well, but it might take some more configuring and involving crawl rules to trigger the correct display template.

      Thanks,
      Mikael

      Delete
    2. Thanks for the info Mikael. I'm on 365. I'd really like to get this to work with Link Libraries. At the moment when a link comes up in the search results, it's a two step process to get to the actual website as you would be aware off. It would be great if it can display the preview in the hover panel and then when clicked on go straight to the webpage rather than going to the link library item first and then having to click on the website link. Is there any guidance you can give me to somehow get this to work?

      Thanks and any help would be appreciated.

      Delete
    3. Hi,
      Interesting question and should be solvable by modifying the display templates and with the use of some javascript. Would be interesting to try out when I get the time :)

      -m

      Delete
  3. Hi Mikael,

    I've tried to get this working. In Firefox everything looks good but in IE the previews stop loading and only the header of the page is showing. I could use any advise to get this fixed.

    Thanks,
    ingo

    ReplyDelete
    Replies
    1. Hi,
      what do you mean by only the header shows? And did you add the AllowFraming tag to the masterpage of the framed content?

      Thanks,
      -m

      Delete
  4. Hi Mikael,

    I've added the AllowFraming tag to the masterpage. The problem occurs if URLs for results get redirected. For example the path of a page returned by the search is http://spserver/subdirectory but the request to this URL gets redirected to http://spserver/subdirectory/pages/overview.aspx. In this case i see an empty page with a logo. It seems like the redirect is to slow. It works perfect in Firefox but in IE I only get these empty pages.

    Do you know if there is a crawled property containing the whole Path of a site?

    Thanks,
    Ingo

    ReplyDelete
    Replies
    1. Hi,
      In 2013 it's all about managed properties on the results ;) but I'm not sure how to work around this. You could add some script that if the url/path doesn't ends with .aspx you add the file and ext yourself. The question would be if you can know what this file is at all scenarios.

      Thanks,
      -m

      Delete
    2. Hi,
      that is exactly what I've done. If the Path ends with .aspx do nothing, else if the target is a blog add '/default.aspx', else add '/Pages/Overview.aspx'. It works but I am not really happy with it as I don't know how many other exceptions I'll have to add in the next weeks.

      Thanks,
      Ingo

      Delete
    3. Hi,
      Results not ending with extensions are site/web hits. contentclass:sts_web/sts_site. You could add code and if any of these, execute a CSOM query to get the default homepage for that web, and redirect to it. Then you don't have to add business logic as to which xyz.aspx you should redirect to.

      Thanks,
      Mikael

      Delete
  5. Note: Beware, in my experience, the "webpartpages:allowframing" web control will break the MDS (but still render the page). Huge impact, if using it on any Minimal Download Strategy-enabled site templates, like Team Sites or My Sites.

    ReplyDelete
    Replies
    1. Interesting observation indeed. And perhaps a reason to not use host named site collections if you want search previews.

      Delete
  6. Hi Mikael,

    In my scenario I'm using SPO, we have publishing features enabled and have created a number of pages which use a custom page layout. Search is returning the pages, however i dont get a preview of the page, i only get the standard metdata such as who modifed it and a time stamp for example.

    How would i go about getting the preview showing for these pages, I have followed your example however i still dont get this working. Obviously in my scenario I'm not using host name site collections so all sites reside on the same domain.... Any ideas?

    Many thanks

    Steve

    ReplyDelete
    Replies
    1. Hi, you might have to add a result type matching your pages and pick the webpage display template to be used when displaying these items. That should preview the pages.

      Delete
  7. Thank you for your wonderful instruction.
    Can I apply the same fix for other documents such as Words, Excel, PowerPoint & PDF?

    Thanks,
    Calvin

    ReplyDelete
    Replies
    1. Shouldn't be a need as they are served via office web apps server.

      Delete