Html |
---|
<div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11'; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> |
...
Info | ||
---|---|---|
This Admin Instruction explains how to configure domain whitelist to protect PBX from cross-site request forgery (CSRF) attacks.
Created: April 2018 WMS Version: 3.88 Permalink: https://confluence.wildix.com/x/SwBuAQ |
Table of Contents |
---|
Introduction
...
To allow such interactions, Cross-origin resource sharing (CORS) is used. It is a standard that allows cross-domain requests. CORS can be defined as a set of headers that allow a browser and server to communicate about which requests are/ are not allowed. The simplest way is to check that the request originates from a trusted site, using Origin request header. For example,
Code Block | ||
---|---|---|
| ||
Origin: https://ucua.wildixin.com |
...
Enter IP address/ domain name and click + to add the value:
Supported formats of IP address/ domain name:
- http://<domain or IP address> / https://domain or IP address>
- http://<domain or IP address>:port / https://<domain or IP address>:port
Examples:
- https://ucua.wildixin.com/
- https://ucua.wildixin.com:4443/
http://ucua.wildixin.com/
Note Note: Wildix Portal "https://pbx.wildix.com/" and Wildix Chrome Extension "https://chrome-extension://lobgohpoobpijgfegnlhdnppegdbomkn" are hardcoded in the whitelist, there is no need to add them.
Note Note: IP range can't be specified in this case. You just need to enter one IP address or domain name.
After you enter all the values, click Save:
...