Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
en:webzone [2021/08/25 10:29] 127.0.0.1 external edit |
en:webzone [2023/06/22 14:30] (current) admin [Web Zone prerequisites] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Web Zone prerequisites ====== | ====== Web Zone prerequisites ====== | ||
| + | |||
| ===== Introduction ===== | ===== Introduction ===== | ||
| Line 26: | Line 27: | ||
| ** - The site i integrated in a page is not displayed, neither in the zebrix interface nor on the screens** | ** - The site i integrated in a page is not displayed, neither in the zebrix interface nor on the screens** | ||
| - | Some sites forbid to be integrated into another site. This option is set by the webmaster or network administrator of the website you are trying to integrate. | + | Some sites forbid to be integrated into another site. This option is usualy set by the developer or administrator of the website you are trying to integrate. |
| + | It is actualy a common recommanded setting for security reason. | ||
| - | This prohibition is defined by the HTTP header (header) "X-Frame-Options: SAMEORIGIN" sent by the web server. | + | This prohibition is defined by an http header set by the web server and taken into account by your web browser (and the integrated one into the display). |
| - | It is not possible to embed in a web area a web page that is blocked by this option unless you can edit / change this setting. | + | One of these two following headers (or both) could prevent the web content to be displayed in the page editor or on the screen: |
| + | |||
| + | There are different options, such as "SAMEORIGIN" which only allows iFrames from the same domain, and "DENY" which completely blocks iFrames. | ||
| + | |||
| + | - "X-Frame-Options" (considered as deprecated my most recent web browsers) | ||
| + | - "Content-Security-Policy" | ||
| {{public_media:x-frame-options-sameorigin.png?nolink|}} | {{public_media:x-frame-options-sameorigin.png?nolink|}} | ||
| + | |||
| + | In the example above, the X-Frame-Options only allow website having the same domain (same origin) to embed it. As zebrix is considered as a different website (other domain name), the zebrix domain name has to be added in a whitelist. | ||
| + | |||
| + | Here is how the **X-Frame-Options** header can be set : | ||
| + | |||
| + | <code>X-Frame-Options: Allow-From *.zebrix.net;</code> | ||
| + | |||
| + | Here is how the **Content-Security-Policy** header needs to be adjusted: | ||
| + | |||
| + | <code>Content-Security-Policy: frame-ancestors 'self' *.zebrix.net;</code> | ||
| ** - The site I want to embed in my page displays ads or messages in the foreground, how can we make them disappear ?** | ** - The site I want to embed in my page displays ads or messages in the foreground, how can we make them disappear ?** | ||
| Line 43: | Line 60: | ||
| But for some cases, if you're using a NUC, the firmware version could be the cause, is so, please contact our support : support.ds@manganelli.com | But for some cases, if you're using a NUC, the firmware version could be the cause, is so, please contact our support : support.ds@manganelli.com | ||
| + | ** - The site I embedded in a page does not display or displays badly on the screens ** | ||
| + | |||
| + | Sandboxes are browser features that allow you to restrict the actions that can be performed by the content of an iFrame. | ||
| + | This can include restricting scripts, forms, etc. | ||
| + | There is an option in the hardware tools to disable sandboxing on screens. | ||
| + | Warning! The SandBox of an iframe is a security feature that prevents external content from running on the screen. | ||
| + | We strongly advise against disabling the SandBox of an iframe, unless your situation requires it and you understand the risks involved. | ||
