URL widget with locally hosted sites

Hristo_Velev · August 16, 2019, 9:06am

Hi guys,
We’re firewalled off the internet, like the Disney/TPN rules require. Shotgun goes through the firewall. We have some local services like our wiki, that do not go through the firewall. We want to embed our wiki in shotgun pages using the URL widget, but we have problems with that - enabling its iframe embed settings is not enough to get it working.

Thanks

brandon.foster · August 16, 2019, 4:20pm

Hey Hristo!

Does your wiki happen to be Confluence? Certain services like that actively block iframe embedding. For Confluence, at least, there are some workarounds available:

https://confluence.atlassian.com/confkb/confluence-page-does-not-display-in-an-iframe-827335781.html

Depending on what you’re trying to embed, you may have more/fewer options.

Hristo_Velev · August 16, 2019, 4:23pm

Hi,

It happens to be mediawiki, and we’ve set these embed params, but no luck yet:

brandon.foster · August 20, 2019, 1:29pm

Roger that, Hristo. If you open up the browser console when you try to embed, are there any Javascript errors there? They may provide a clue as to what it’s getting hung up on.

Hristo_Velev · August 21, 2019, 3:28pm

We’re seeing an error saying x-frame-options is set to ‘deny’ although we’ve set it to ‘sameorigin’, which is weird

brandon.foster · August 22, 2019, 5:22pm

That error seems like the wiki is still actively blocking the embedding. If you try putting a 3rd party site in the URL widget that doesn’t block embedding, do you get the same behavior or does it show up?

Hristo_Velev · August 23, 2019, 7:32am

Yes seems so - I’ll check with another of our locally hosted services Monday

Hristo_Velev · August 26, 2019, 9:18am

Hi,

I’ve checked with our Grafana and Kibana, and they work

brandon.foster · August 26, 2019, 2:46pm

Thanks for the added test, Hristo. It sounds like there may be some lingering setting or pref in MediaWiki. If you’ve already done what they recommended in the article you linked earlier you may need to contact their team to see what else could be blocking the embed.

Hristo_Velev · August 26, 2019, 4:02pm

Ok, mailed their support, thanks!

ababak · September 9, 2019, 8:34am

The iframe will not work if you mix https/http. If your Shotgun website uses https, make sure your wiki is accessed through https as well.

Andriy.

Hristo_Velev · September 9, 2019, 9:19am

Thanks, we have the wiki via https, but it’s still not working

Hristo_Velev · September 12, 2019, 10:41am

Latest we found is that Chrome is blocking iframe explicitly, so that avenue seems closed. It’s an old and unsecure tech anyways, would be great if there’s an updated solution

miker · March 30, 2020, 9:03pm

We’re considering something similar. I’m curious how you were intending to secure access to the wiki? Require a separate wiki login? HTTP referrer (not very secure)? Other?

Hristo_Velev · April 2, 2020, 12:37pm

We are hosting it on the internal network, and it would only be accessible from there. As should Shotgun, btw, with all the proxy renders there and people logging from anywhere - whitelisting logging IPs should not be an extra, but a basic security option.