
...

Info

This Admin Instruction explains how to configure a domain whitelist to protect the PBX from cross-site request forgery (CSRF) attacks.

Warning

IMPORTANT: Trusted domains must be added to a domain whitelist! Please note that any Web API / PBX API integration will stop working if the domain is not added.

Created: April 2018

WMS Version: 3.88

Permalink: https://confluence.wildix.com/x/SwBuAQ


Introduction

The main purpose of adding domains to a whitelist is to protect the PBX from cross-site request forgery (CSRF) attacks.

...

To allow such interactions, cross-origin resource sharing (CORS) is used. It is a standard that allows cross-domain requests. CORS can be defined as a set of headers that allow a browser and a server to communicate about which requests are and are not allowed. The simplest way is to check that the request originates from a trusted site, using the Origin request header. For example:

Origin: https://ucua.wildixin.com

...

If the server decides that the request should be allowed, it sends the Access-Control-Allow-Origin header with the same origin that was sent. For example:


Access-Control-Allow-Origin: https://ucua.wildixin.com


If this header is missing or the origins don’t match, the request is not allowed. If the origins match, the browser processes the request.
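The Origin check described above, written out as an added example (this is not Wildix code). The function names are hypothetical, the sample entries are constructed, and rejecting entries that carry a path is an assumption based on the supported formats listed under Configuration of Domain Whitelist.

```javascript
// Added example, not Wildix code: all function names are hypothetical.

// Reduce a whitelist entry or an Origin header value to scheme://host[:port].
// Returns null for anything that is not a bare http(s) origin.
function normalizeOrigin(value) {
  let url;
  try {
    url = new URL(String(value).trim());
  } catch (err) {
    return null; // not an absolute URL, e.g. "null" or "ucua.wildixin.com"
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (url.username || url.password || url.search || url.hash) return null;
  // A trailing "/" is accepted; any longer path (such as a "/24" range) is not.
  if (url.pathname !== '/') return null;
  return url.origin; // host lowercased, default port 80/443 dropped
}

// Split configured entries into usable origins and rejected entries.
function buildWhitelist(entries) {
  const allowed = new Set();
  const rejected = [];
  for (const entry of entries) {
    const origin = normalizeOrigin(entry);
    if (origin) allowed.add(origin); else rejected.push(entry);
  }
  return { allowed, rejected };
}

// Headers to add to the response for a given Origin request header.
// Exact match only: scheme, host and port must all equal a whitelist entry.
function corsHeadersFor(originHeader, allowed) {
  const origin = normalizeOrigin(originHeader);
  if (!origin || !allowed.has(origin)) return {}; // no CORS header is sent
  return { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
}

// Constructed sample configuration and requests.
const sample = buildWhitelist([
  'https://ucua.wildixin.com/',
  'https://ucua.wildixin.com:4443/',
  'http://192.168.1.0/24', // IP range: not a supported format
]);
for (const o of ['https://ucua.wildixin.com', 'http://ucua.wildixin.com',
                 'https://ucua.wildixin.com.untrusted.example']) {
  console.log(o, '->', corsHeadersFor(o, sample.allowed));
}
```

Only the first of the three sample origins receives an Access-Control-Allow-Origin header: the second differs in scheme, and the third merely starts with a trusted name, which an exact comparison does not accept.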

Configuration of Domain Whitelist

The whitelist is configured in WMS -> Settings -> PBX -> Security.

...

  1. Enter an IP address or domain name and click + to add the value:

    Supported formats of IP address / domain name:

    • http://<domain or IP address> / https://<domain or IP address>
    • http://<domain or IP address>:port / https://<domain or IP address>:port

    Examples:

    • https://ucua.wildixin.com/
    • https://ucua.wildixin.com:4443/
    • http://ucua.wildixin.com/ 


    Note: Wildix Portal "https://pbx.wildix.com/" and Wildix Chrome Extension "https://chrome-extension://lobgohpoobpijgfegnlhdnppegdbomkn" are hardcoded in the whitelist; there is no need to add them.


    Note: An IP range can't be specified here. Each entry must be a single IP address or domain name.


  2. After you enter all the values, click Save:



...