Background
...
Html |
---|
<div id="fb-root"></div>
<script>(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = 'https://connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.11';
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script> |
Html |
---|
<div class="fb-like" data-href="#" data-layout="button_count" data-action="recommend" data-size="large" data-show-faces="true" data-share="true"></div> |
Html |
---|
<div class="lang-box-pdf">
<div>
<div class="lang-switch">
<span class="letters-form"><a title="English" href="#">EN</a> | <a title="Italian" href="#" >IT</a> | <a title="French" href="#" target="_blank">FR</a> | <a title="German" href="#">DE</a></span>
</div>
<div class="google-lang">
<div id="google_translate_element">
</div>
<script type="text/javascript">
function googleTranslateElementInit() {
new google.translate.TranslateElement({pageLanguage: 'en', includedLanguages: 'de,es,fr,it,nl', autoDisplay: false}, 'google_translate_element');
}
</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
</div>
<div class="pdf-button">
<a href="#" alt="Convert to .pdf" title="Convert to .pdf"><img src="https://confluence.wildix.com/download/attachments/14549012/pdf-button-download-wildix-documentation.png"></a>
</div>
</div>
</div> |
Info |
---|
Document description Created: April 2018 Permalink: |
Warning |
---|
IMPORTANT: Trusted domains must be added to the domain whitelist! Please note that any Web API / PBX API integration will stop working if the domain is not added. |
Introduction
To prevent cross site data interception, 'Origin' header whitelist has been implemented for API queries
...
Different domains are supported for configuration e.g.
http://<domain or ip address> / https://domain or ip address>
http://<domain or ip address>:port / https://<domain or ip address>:port
Note |
---|
Note: Origins Wildix Portal: 'https://pbx.wildix.com' & Wildix Chrome Extension: 'chrome-extension://lobgohpoobpijgfegnlhdnppegdbomkn' are hardcoded in whitelist |
Note |
---|
Note: IP range can't be specified in this case. You just need to input one IP address or domain name. |
During feature implementation following changes were made:
- closed the ability to receive answers in the iframe: set header 'X-Frame-Options' to 'DENY'
- closed cross domain query on Collaboration scripts:
- /collaboration/index.php
- /features/features_user.php
- opened all requests from Origin: 'https://pbxs.wildix.com'
- return an empty response to all requests api, if the Origin is not from the whitelist
Attention
...
Html |
---|
<div class="fb-like" data-href="#" data-layout="button_count" data-action="recommend" data-size="large" data-show-faces="true" data-share="true"></div> |