...
Document description
Created: April 2018
...
Info |
---|
This Admin Instruction explains how to configure a domain whitelist to protect the PBX from cross-site request forgery (CSRF) attacks. Created: April 2018 Updated: May 2024 Permalink: https://wildix.atlassian.net/wiki/x/dAvOAQ |
Warning |
---|
IMPORTANT: Trusted domains must be added to the domain whitelist! Please note that any Web API / PBX API integration will stop working if its domain is not added. |
Warning |
---|
If you are using Firewalls, make sure the following pool of IP addresses is present in your Whitelist for access to Wildix microservices: 3.122.16.10 |
Introduction
...
To prevent cross-site data interception, an 'Origin' header whitelist has been implemented for API queries.
Technical Details
Whitelist can be configured in WMS Settings > PBX > Security
Settings are stored in /rw2/etc/pbx/http-security.conf
...
The main purpose of adding domains to a whitelist is to protect PBX from cross-site request forgery (CSRF) attacks.
How it works:
Generally, web requests are restricted to only the current domain, per the same-origin policy. The same-origin policy is a significant security standard implemented by web browsers to prevent requests against a different origin (e.g., different domain) than the one from which it was served. At the same time, the same-origin policy also prevents legitimate interactions between a server and clients of a known and trusted origin.
To allow such interactions, cross-origin resource sharing (CORS) is used. It is a standard that allows cross-domain requests. CORS can be defined as a set of headers that allow a browser and a server to communicate about which requests are and are not allowed. The simplest way is to check that the request originates from a trusted site, using the Origin request header. For example,
```
Origin: https://pbx_name.wildixin.com
```
If a server decides that the request should be allowed, it sends the Access-Control-Allow-Origin header with the same origin that was sent. For example,
```
Access-Control-Allow-Origin: https://pbx_name.wildixin.com
```
If this header is missing or the origins don’t match, then the request is not allowed. If origins match, then a browser processes the request.
Configuration of Domain Whitelist
Whitelist is configured in WMS -> PBX -> Security -> CORS.
To configure a domain whitelist:
Enter IP address/ domain name and click + to add the value:
Supported formats of IP address/ domain name:
- http://<domain or IP address> / https://<domain or IP address>
- http://<domain or IP address>:port / https://<domain or IP address>:port
Examples:
- https://testpbx.wildixin.com/
- https://testpbx.wildixin.com:4443/
- http://testpbx.wildixin.com/
It is also possible to add patterns using the asterisk symbol "*", which replaces letters, numbers and dashes:
Examples:
- https://*.wildixin.com
- *://*.wildixin.com
- https://*.*.wildixin.com
Note: An IP range can't be specified in this case. You just need to enter one IP address.
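The Origin check and the wildcard entries described above, as an added Python example. It is not Wildix's code, and its matching rules (a trailing slash in an entry is ignored, "*" stands for one or more letters, digits or dashes and never a dot, the whole Origin value must match) are assumptions drawn from the description on this page; the whitelist and origins are constructed.

```python
import re

# Constructed whitelist using the entry formats shown on this page.
WHITELIST = [
    "https://testpbx.wildixin.com:4443/",
    "https://*.wildixin.com",
    "https://*.*.wildixin.com",
]


def pattern_to_regex(entry):
    """Compile one whitelist entry into a regular expression."""
    # Browsers send Origin without a trailing slash, so drop it from the entry.
    entry = entry.rstrip("/")
    # Escape everything, then let "*" stand for letters, digits and dashes only.
    # Assumption: "*" needs at least one character and never matches a dot.
    body = re.escape(entry).replace(r"\*", "[A-Za-z0-9-]+")
    return re.compile(body, re.IGNORECASE)


def origin_allowed(origin, whitelist=WHITELIST):
    """True when the whole Origin value matches some whitelist entry."""
    # fullmatch anchors both ends, so a trusted name that is only a prefix
    # or suffix of a longer host does not pass.
    return any(pattern_to_regex(e).fullmatch(origin) for e in whitelist)


def cors_response_headers(origin, whitelist=WHITELIST):
    """Headers to add to the response for a request carrying this Origin."""
    if origin and origin_allowed(origin, whitelist):
        # Echo the exact origin; Vary stops caches reusing it for other sites.
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}  # header missing: the browser does not process the response


if __name__ == "__main__":
    for o in ("https://testpbx.wildixin.com",
              "https://testpbx.wildixin.com:4443",
              "https://testpbx.wildixin.com.untrusted.example",
              "http://testpbx.wildixin.com"):
        print(o, "->", cors_response_headers(o))
```

Under these rules a scheme or port that is not listed fails the check, which is why the page gives separate entries for http, https and ":port".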
During feature implementation, the following changes were made:
...
- /collaboration/index.php
- /features/features_user.php
...
Note: Wildix Portal "https://pbx.wildix.com/" and Wildix Chrome Extension "https://chrome-extension://lobgohpoobpijgfegnlhdnppegdbomkn" are hardcoded in the whitelist, so there is no need to add them.
After you enter all the values, click Save:
To delete the value from the list, click X.
Note |
---|
Note: Starting from WMS 6.04.20230803.1, domain whitelisting can also be used to allow access to files (call recordings, voicemails, faxes). See more in the documentation "How to download files via different authorization types and CORS domain whitelisting". |