×

It's time to move from Web HMI to Proficy Operations Hub! Visit the Operations Hub web page, download a free trial or check out the datasheet.

Home
Certificate Management and Content Security
Set up a Whitelist
You create a whitelist of safe domains that Web HMI can load in to an iframe.
Whitelists
The whitelist feature allows web content to load in to Web HMI.

Web HMI Products Documentation

Certificate Management and Content Security
- Certificate Management
  Certificate management is an integral part of securing communication between Web HMI and web browsers.
- Install CA Certificates
  You must install Certificate Authority (CA) certificates on each client and server machine where Web HMI is installed.
- Apply Custom Certificates
  Modify the Reserve Proxy configuration file to use custom certificates.
- Install Workflow Certificate in iPad Clients
  To interact with Workflow task lists through Web HMI on iPad devices, you must install the Workflow ProficySelfSignedCA certificate in each device.
- Set up a Whitelist
  You create a whitelist of safe domains that Web HMI can load in to an iframe.
  - Whitelists
    The whitelist feature allows web content to load in to Web HMI.
- Security Recommendations
  To create a secure Web HMI environment, follow these recommendations.

Whitelists

The whitelist feature allows web content to load in to Web HMI.

Be aware that some websites programmatically ensure that their content does not appear inside of an iframe. Additionally, the Web HMI client only displays content loaded using the HTTPS protocol, which can prohibit the ability to host certain websites that store both HTTP and HTTPS content.

Web HMI conforms to the Content Security Policy (CSP) security to detect and mitigate attacks, such as cross-site scripting. CSP provides a standard method for website owners to declare approved origins of content that browsers can load on their websites. Web HMI returns each HTTPS response with a Content-Security-Policy field in its header containing a list of approved (as safe) domain names that web browsers can load. You define this list in the whitelist field of the Reverse Proxy configuration file, as explained in Set up a Whitelist.