Whitelist Websites

Operations Hub allows to load content from whitelisted URLs.

About this task

With Operations Hub v2.1 release, third party websites are no longer allowed to use iframe to embed End Apps into their pages because of security considerations.

Starting with Operations Hub v2.1 SIM2, it is possible to whitelist trusted sites to use iframe with End Apps. Note at this time, this whitelist applies to all End Apps.

Procedure

  1. Gather a list of one or more websites that you want to use iframe to embed EndApps.
    1. Format each website URL as follows with the actual hostname and port number: 
      https://hostname:port
    2. For hostname, enter simple names or fully qualified domain names (FQDNs). It is recommended to include all referenced aliases.
    3. Ignore the port if it is 443.
  2. On the host machine where Operations Hub is installed, add an environment variable TRUSTED_FRAME_SITES.
    1. Open the Windows Run command.
    2. Enter sysdm.cpl and select OK.
      The System Properties window appears.
    3. On the Advanced tab, select Environment Variables
      The Environment Variables window appears.
    4. Select New to create a system variable with Variable name TRUSTED_FRAME_SITES.
    5. For Variable value, enter a comma-separated list of the sites gathered in the previous step.
      For example, https://siteb.company-domain.com,https://sitec.company-domain.com:8443
  3. Save and close all the windows.
  4. Restart GE Operations Hub IQP EndApp service for this change to take effect.

Results

You have successfully set up a list of whitelisted websites.
Note:
  • An End App authenticates users for access. Recent versions of Chrome have enforced a default SameSite policy on cookies. Hence, sites that embed an End App must be on the same parent domain as the Operations Hub’s host domain. For example, if Operations Hub is on domain ophub.company-domain.com, thenfoo.company-domain.com is acceptable, but not bar.company.local.
  • By default, Operations Hub End Apps can embed 3rd party contents using iframes without restriction. However, customers may choose to whitelist such 3rd party contents using an environment variable TRUSTED_FRAME_SOURCES similar to TRUSTED_FRAME_SITES. In such cases, ensure that the certificates used for https protocol by 3rd party websites are trusted on client (browser) nodes.