![]() The embedded resource, however, is controlled by the policy delivered with the resource, or the policy of the embedding resource if the embedded resource is a globally unique identifier (or a srcdoc frame). We're also experimenting with linking over to help center pages directly in a new tab / browser. The policy applied on iframes according to the spec: The policy of the embedding resource controls what may be embedded. Update: In case it helps anyone, we went with option (a) Zendesk's article API to list and show articles directly in our single page application since iframes are not allowed. Maybe I'm missing something and there's an easier way? I was hoping to simply show the help center in an IFrame with our existing in-app "Contact Support" button at the bottom. Without the X-Frame-Options, we're looking at these workarounds for help center articles:Ī) Use the zendesk API to load specific articlesī) Implement the deprecated Support SDK for iOS/Android and classic web widget for web usersĬ) Implement messaging SDK / web widget, but it seems to be missing some key features around JWT authenticationĭ) Break context and kick users out of our application into the help center site through a browser or new tab.Į) Use a different CMS for our help articles ![]() We're not relying on Zendesk for any direct user authentication. Thus over a short period of time several of your site visitors computers would get infected. I'm working on use case #1 for an Ionic app (iOS, Android, and single page app for web) with one code base. When anyone visits that page, the hidden iframe code secretly downloads and installs a Trojan or a malware such as key-logger on the unsuspecting users computer, if his computer is not adequately protected. Ideally there would be a Guide Settings > Security option where the admin can disable "X-Frame-options" header.Ģ - Embedding potentially unsafe HTML: This could be better managed with a Content-Security-Policy so the account admin / developer could set some parameters on safe/unsafe resources/scripts/css/etc. It seems like there are two different use cases here:ġ - Embedding Zendesk HC resources into an app / website so users can access articles/resources in context.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |