Known Issues

Refused to connect error

When you click the ImageVault button from Episerver, you are greeted with a Refused to connect error.

Refused to connect error

The console might also show a error message stating:

Refused to display 'xyz' in a frame because it set 'X-Frame-Options' to 'deny'.

This error can occur on both the ImageVault button or any of the ImageVault buttons that opens ImageVault from a property/tinymce editor.

This indicates that the user isn't logged in to ImageVault and tries to redirect to the login page in an iframe. This is not supported by the authentication provider that prohibits logging in into an iframe.

To solve this, upgrade to ImageVault 5.12 and ImageVault.EPiServer.UI x.6 SP8.

A workaround is to open your ImageVault in a separate tab and login to ImageVault first and then use the button.

Login problems with Episerver when using IE

When trying to logon to an external ImageVault using the popup window on a ImageVault plugin installation only on an episerver site the logon dialog don't work. You will never get authenticated and only returned to an empty logon form. Internet Explorer has a security implementation regarding the Privacy Preferences Project (P3P) wich results in that IE wont accept cookies from cross domain requests when using an iframe. This will cause problems when using the popup window to select images in IE and the user hasn't logged in to the Episerver site in this setup. This problem was registered as a bug with Episerver (#107860) but was closed with reason "As desigined".


1 Use windows authentication

Problem only exists if your Episerver site uses cookie based authentication like Forms authentication

2 Login manually

If you navigate to the ImageVault UI in a separate window, the Episerver auth cookie is set in the browser and reused in an iframe.

3 Add P3PHeader

If you add a P3P header to the HTTP response that states your Privacy Preferences IE will accept cookies. You can add the P3P header to all responses using the following setting in web.config.

                <add name="P3P" value="policyref=&quot;/w3c/p3p.xml&quot;, CP=&quot;NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM&quot;"/>

It's important to know that adding a P3P header tells the browser/client what Privacy Policies that the company stands for. Be advised to study the P3P specification for more information.

Note: Only Internet Explorer and Netscape utilizes this header and further development of the P3P standard has ceased.

More references

User get logged out from Episerver

This problem is in effect if:

  • Your standalone Episerver site and the existing Episerver site (that hosts the ImageVault UI) shares the same host name and only are separated by different ports.


Site with UI are hosted under

Standalone site is hosted under

Since the two sites uses cookies for many things (authentication, form validation, session state) and cookies in this case ignores the port, logging on to one of the sites efficiently logs out the user from the other site by overwriting the cookie value.


Use different host names on the sites so we don't get a cookie conflict.

Single sign on between ImageVault and Episerver using Forms authentication

This is achieved using the same machineKey on both installations. Requires both sites to be running on the same domain. See generate machine key for more information.

comments powered by Disqus
+46 (0)480 - 31 47 95
English website