When Single Portal Mode is enabled, tenants can manage billings directly from their tenant instance’s admin portal. This bridges the gap between the instance and the SaaS client portal.
Issue: #
If you’re running behind a proxy or a service like Cloudflare, where the X-FRAME-OPTIONS header is set to SAMEORIGIN, you may encounter the error:
“yoursite.com refused to connect.”
This typically occurs when visiting the billing portal from the instance (especially when using subdomains or custom domains).
Resolution: #
To resolve this issue, you need to:
- Remove the X-FRAME-OPTIONS header.
- Replace it with a more flexible Content-Security-Policy (CSP) by setting:
Content-Security-Policy: frame-ancestors 'self' *.yourdomain.com;This allows iframes from subdomains or custom domains under yourdomain.com to load without being blocked.
Alternative: #
If removing X-FRAME-OPTIONS is not feasible, you can disable Single Portal Mode. This is especially recommended if you’re using custom domains for tenant instances.
Note: This issue is not experienced if you’re using the path-based scheme for tenant URLs (e.g., yourdomain.com/tenant).
For the most secure and suitable approach, consult with your system administrator or hosting provider.
