Versions Compared

Old Version 6

changes.mady.by.user Andrew Ignatenko

Saved on

compared with

New Version 7

changes.mady.by.user Ksenia Babych

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Background

...



Html
<div id="fb-root"></div>
<script>(function(d, s, id) {
  var js, fjs = d.getElementsByTagName(s)[0];
  if (d.getElementById(id)) return;
  js = d.createElement(s); js.id = id;
  js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11';
  fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>



Html
<div class="fb-like" data-href="#" data-layout="button_count" data-action="recommend" data-size="large" data-show-faces="true" data-share="true"></div>


Html
 <div class="lang-box-pdf">
	<div>
<div class="lang-switch">
			<span class="letters-form"><a title="English" href="#">EN</a>&nbsp;|&nbsp;<a title="Italian" href="#" >IT</a>&nbsp;|&nbsp;<a title="French" href="#" target="_blank">FR</a>&nbsp;|&nbsp;<a title="German" href="#">DE</a></span>
		</div>
		<div class="google-lang">
			<div id="google_translate_element">
			</div>
			<script type="text/javascript">
					function googleTranslateElementInit() {
						new google.translate.TranslateElement({pageLanguage: 'en', includedLanguages: 'de,es,fr,it,nl', autoDisplay: false}, 'google_translate_element');
						}
			</script>
			<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
		</div>
		
		<div class="pdf-button">
			<a href="#" alt="Convert to .pdf" title="Convert to .pdf"><img src="https://confluence.wildix.com/download/attachments/14549012/pdf-button-download-wildix-documentation.png"></a>
		</div>
	</div>
</div>


Info

Document description

Created: April 2018

Permalink:


Warning

IMPORTANT: Trusted domains must be added to the domain whitelist! Please note that any Web API / PBX API integration will stop working if the domain is not added.

Introduction

To prevent cross site data interception, 'Origin' header whitelist has been implemented for API queries

...

Different domains are supported for configuration e.g.

http://<domain or ip address> / https://domain or ip address> 
http://<domain or ip address>:port / https://<domain or ip address>:port


Note

Note: Origins Wildix Portal: 'https://pbx.wildix.com' & Wildix Chrome Extension: 'chrome-extension://lobgohpoobpijgfegnlhdnppegdbomkn'  are hardcoded in whitelist


Note

Note: IP range can't be specified in this case. You just need to input one IP address or domain name.



During feature implementation following changes were made:

  • closed the ability to receive answers in the iframe: set header 'X-Frame-Options' to 'DENY'
  • closed cross domain query on Collaboration scripts:
    • /collaboration/index.php
    • /features/features_user.php
  • opened all requests from Origin: 'https://pbxs.wildix.com'
  • return an empty response to all requests api, if the Origin is not from the whitelist

Attention

...



Html
<div class="fb-like" data-href="#" data-layout="button_count" data-action="recommend" data-size="large" data-show-faces="true" data-share="true"></div>