Document description
This Admin Instruction explains how to configure domain whitelist and
Created: April 2018
WMS Version: 3.88
Permalink: https://confluence.wildix.com/x/SwBuAQ
Introduction
To prevent cross-site data interception, an 'Origin' header whitelist has been implemented for API queries.
Technical Details
Whitelist can be configured in WMS Settings > PBX > Security
Settings are stored in /rw2/etc/pbx/http-security.conf
Different domains are supported for configuration e.g.
The main purpose of adding domains to a whitelist is to protect the PBX from cross-site request forgery (CSRF) attacks.
How it works:
Generally, web requests are restricted to only the current domain, per the same-origin policy. The same-origin policy is a significant security standard implemented by web browsers to prevent requests against a different origin (e.g., different domain) than the one from which it was served. At the same time, the same-origin policy also prevents legitimate interactions between a server and clients of a known and trusted origin.
To allow such interactions, Cross-origin resource sharing (CORS) is used. It is a standard that allows cross-domain requests. The simplest way is to check that the request originates from a trusted site, using the Origin request header:
Access-Control-Allow-Origin
Configuration of Domain Whitelist
Whitelist is configured in WMS -> Settings -> PBX -> Security.
To configure a domain whitelist:
Enter IP address/ domain name and click + to add the value:
Supported formats of IP address/ domain name:
- http://<domain or IP address> / https://<domain or IP address>
- http://<domain or IP address>:port / https://<domain or IP address>:port
Examples:
- https://ucua.wildixin.com/
- https://ucua.wildixin.com:4443/
- http://ucua.wildixin.com/
Note: Wildix Portal "https://pbx.wildix.com/" and Wildix Chrome Extension "https://chrome-extension://lobgohpoobpijgfegnlhdnppegdbomkn" are hardcoded in the whitelist, there is no need to add them.
Note: IP range can't be specified in this case. You just need to enter one IP address or domain name.
During feature implementation, the following changes were made:
...
- /collaboration/index.php
- /features/features_user.php
...
After you enter all the values, click Save:
To delete the value from the list, click X.
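The following is an added example, not Wildix code and not part of the original page, of how a server can compare the Origin request header against whitelist entries in the formats listed above. The function names and the policy of rejecting a request with a missing Origin are assumptions of this example; the sample entries are the page's own examples.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_origin(value):
    """Return (scheme, host, port) for scheme://host[:port] with optional '/', else None."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # A bare origin only: no credentials, query or fragment.
    if parts.username or parts.password or parts.query or parts.fragment:
        return None
    if parts.path not in ("", "/"):  # also rejects CIDR-style ranges such as 10.0.0.0/24
        return None
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]  # http://host and http://host:80 are one origin
    return (parts.scheme, parts.hostname.lower(), port)

def build_whitelist(entries):
    """Normalize configured entries; refuse anything outside the supported formats."""
    allowed = set()
    for entry in entries:
        origin = normalize_origin(entry)
        if origin is None:
            raise ValueError(f"unsupported whitelist entry: {entry!r}")
        allowed.add(origin)
    return allowed

def origin_allowed(origin_header, allowed):
    """Exact match on (scheme, host, port), never a prefix or substring test."""
    if not origin_header:  # assumption of this example: a missing Origin is not allowed
        return False
    origin = normalize_origin(origin_header)
    return origin is not None and origin in allowed

# The example entries from the page (with trailing slash, as entered in WMS).
WHITELIST = build_whitelist([
    "https://ucua.wildixin.com/",
    "https://ucua.wildixin.com:4443/",
    "http://ucua.wildixin.com/",
])

if __name__ == "__main__":
    # Constructed Origin values; browsers send the origin without a trailing slash.
    for o in ("https://ucua.wildixin.com", "https://ucua.wildixin.com:8443", "null"):
        print(o, origin_allowed(o, WHITELIST))
```

Normalizing both sides before comparing is what lets an entry saved with a trailing slash match the slash-less Origin value a browser sends, while a different port, scheme or a longer look-alike host name still fails.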