Whitelist Websites
Operations Hub allows to load content from whitelisted URLs.
About this task
Starting with Operations Hub v2.1 SIM2, it is possible to whitelist trusted sites to use iframe with End Apps. Note at this time, this whitelist applies to all End Apps.
Procedure
-
Gather a list of one or more websites that you want to use iframe to embed
EndApps.
-
On the host machine where Operations Hub is installed, add an environment variable
TRUSTED_FRAME_SITES
. - Save and close all the windows.
- Restart GE Operations Hub IQP EndApp service for this change to take effect.
Results
Note:
- An End App authenticates users for access. Recent versions of Chrome have
enforced a default SameSite policy on cookies. Hence, sites that embed an End App
must be on the same parent domain as the Operations Hub’s host domain. For
example, if Operations Hub is on
domain ophub.company-domain.com
, thenfoo.company-domain.com
is acceptable, but notbar.company.local
. - By default, Operations Hub End Apps can embed 3rd party contents using iframes
without restriction. However, customers may choose to whitelist such 3rd party
contents using an environment variable
TRUSTED_FRAME_SOURCES
similar toTRUSTED_FRAME_SITES
. In such cases, ensure that the certificates used for https protocol by 3rd party websites are trusted on client (browser) nodes.