Product Information
Embed Landing Pages in your First Party Company Page with iFrames
Introduction
The landing pages in SAP Marketing Cloud can be easily published (see documentation). However, sometimes you just want to embed a simple form onto your main web page (For example, a newsletter subscription). One solution would be to embed a published landing page with an iFrame in another page, but until recently SAP Marketing Cloud prevented this due to security regulations.
With 2105 we have introduced an allow-list (see Configure Content Repositories) for domains which are considered safe for iFrame embedding. In the following chapter I show you how it works.
Setup and Example
My example scenario is a very simple newsletter subscription form which just shows an email address field and a submit button. This form has to be embedded in the side panel of my WordPress page.
Form definition
To start with, I have set up a form with the email address field and a hidden subscription field with the ‘Pre-Selected’ option active:
Landing Page
To be able to publish the form easily I use a landing page with a very simple layout which is also restricted in width to fit in my WordPress side panel.
WordPress Side Panel Configuration
After publication of the landing page I entered the landing page link in a custom HTML widget container (see below on the left). Since I did not yet add my domain to the iFrame allowlist my form does not yet show up in the preview of the web page (see also the error message in the JavaScript console at the bottom of the screenshot)
iFrame Allowlist
Below you see the new feature which is included in the app ‘Content Repository Configuration‘ which also lets you define a custom domain for your landing page publication. I added the domain of my main web page here.
Note that it is possible to specify multiple different domains here.
Final Result
Below you see the final view of my web page with the form visible in the right side panel.
Note on Online Test Environments
If you have the idea to test this in one of the numerous online HTML test environments (JSFiddle, CodePen,…) you might need to check for any hidden domains that those tools use. Here is what I found for the two mentioned ones:
No guarantee on these though – those pages might change their setup in the future.
Conclusion
Now you should be able to embed your landing pages and forms on other web pages on multiple domains.
Please also check this related blog post: Quick Tip: Pass Outbound ID to Form in iFrame
Pretty cool new feature we've been waiting for! Seems so simple yet can be so valuable 🙂
Thanks for posting Arne
Thanks a lot for the nice comment 🙂
Hi Arne,
Thank you for the nice blog, I can't wait to try it once it's live 🙂
You seem like the perfect person to ask, could you take a look at this question I posted yesterday?
It's about whether these iframed landing pages have "contact" with the website that they are embedded in, related to identification of anonymous website visitors.
Because through Google Analytics we can track anonymous website behavior, and if a visitor subsequently fills in such an embedded landing page, I'd like to use that to identify his past website visits.
https://answers.sap.com/questions/13358935/google-analytics-iframed-landing-pages.html
Kr,
Joyca
Hi Arne,
we're currently trying to establish the embedding of SMC LP data in SAP Commerce webshop.
Whenever we try to reach the LP the browser console shows the following error message:
"XMLHttpRequest at >LP-URL< from origin >Shop-URL< has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
I tried to add the shop URL to trusted domains in SAP IAS connected to the SMC tenant we use (without https, otherwise it won't be recognized as a valid domain) but without success in resolving the error. Of course the URL (with and without https) is also maintained in SMC IFrame allowance list as described in your blog.
Could you point me towards solving this problem?
BR
Nils
Hi Nils,
maybe there is also a different domain involved in the entire communication? It might be worth to check the network traffic in the browser development tools.
If that does not help I suggest to create a ticket.
Best regards,
Arne
Hi Arne (@arne.manthey),
I have a question related to the security guarantees that SAP Marketing Cloud offers for their landing pages. What security does SAP offer to the landing pages to prevent attacks, for example against someone who wants to compromise the landing page (URL).
Thank you in advance!
Best regards,
Maaike
Â