Recent Mantis versions (I'm using 1.2.4) send the HTTP header "X-Frame-Options: DENY" which causes the iframe embedding in Drupal to not work (Mantis does not show). Editing the core/http_api.php and either commenting out this line:
header( 'X-Frame-Options: DENY' );

or changing the DENY to SAMEORIGIN (if mantis is on the same domain as the drupal site), will fix it.

Comments

Thanks for the report, we'll see if we can find a workaround for this.

Actually, 2 parts of Mantis need to be changed (see blog post : http://www.mantisbt.org/blog/?p=102)

*******

If you want to insert your MantisBT installation within an IFrame from a page on the same domain (for instance, bugs.yourname.com contains an IFrame which loads bugs.yourname.com/mantisbt/) then you will need to change the http_security_headers() function as follows:

Find:

<?php
header
( 'X-Frame-Options: DENY' );
?>

Replace:

<?php
header
( 'X-Frame-Options: SAMEORIGIN' );
?>

Find:

<?php
header
( "X-Content-Security-Policy: allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors 'none'" );
?>

Replace:

<?php
header
( "X-Content-Security-Policy: allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors 'self'" );
?>

If you’re wanting to load your MantisBT installation in an IFrame from a different domain then you’ll need to comment out (place two forward slashes in front of) this line:

<?php
header
( 'X-Frame-Options: DENY' );
?>

You’ll then also need to make the following change where somewhere.yourdomain.com is the domain containing the page which loads MantisBT within an IFrame:

<?php
header
( "X-Content-Security-Policy: allow 'self'; options inline-script eval-script$t_avatar_img_allow; frame-ancestors somewhere.yourdomain.com " );
?>