content/extensions/ui-extensions.md
Lines changed: 7 additions & 7 deletions
@@ -193,13 +193,17 @@ An iframe (inline frame) is an HTML element that allows you to embed another HTM
193
193
194
194
For more detailed information, you can refer to the [Mozilla Developer Network (MDN) documentation on iframes](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe).
195
195
196
-
To ensure the secure embedding of iframes, it is essential to properly configure [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) headers to control the sources from which content can be loaded.
196
+
To configure an `iframe` UI extension, mandatory fields are `name`, `position`, `type`, and `configuration`. Inside `configuration`, mandatory options are `default_label`, `secret` and `url`.
197
+
198
+
**Ensuring security of embedded iframes**
199
+
200
+
1 - Properly configure [Content Security Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) headers to control the sources from which content can be loaded.
197
201
198
202
::: warning
199
203
Please note that if these headers are misconfigured, iframe functionality may not work as intended.
200
204
:::
201
205
202
-
To configure an `iframe` UI extension, mandatory fields are `name`, `position`, `type`, and `configuration`. Inside `configuration`, mandatory options are `default_label` and `url`.
206
+
2 - Add a secret to you extension. It will be used to generate a JWT token that is sent to the iframe using post message.
203
207
204
208
**PostMessage**
205
209
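Review bot: Step 2 of the new security list says the secret is used to generate a JWT that is posted to the iframe, but it never tells the integrator to verify that token or where the secret has to live on the receiving side. Suggest adding a sentence on verification, for example that the embedded application's backend validates the token so the secret is never shipped to browser code. Smaller points in the same lines: "Add a secret to you extension" should read "your extension", "JWT token" can be just "JWT", and "1 -" / "2 -" is not Markdown ordered-list syntax, so the two steps will render as plain paragraphs with the warning block between them.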
@@ -272,7 +276,7 @@ An **action** UI extension is designed to perform external tasks in the backgrou
272
276
+**Notification on completion**: A notification will appear once the external server responds to the request, keeping users informed of the task's status.
273
277
+**Timeout**: The PIM HTTP client that communicates with the destination is configured with a timeout of 5 seconds.
274
278
+**POST HTTP method**: The request being sent to the destination is a POST request.
275
-
+**Signature**: It's possible to configure a [secret](#secret) to sign each request sent to the destination.
279
+
+**Signature**: It's possible to configure a `secret` to sign the body of the POST request sent to the destination (<ahref='https://wikipedia.org/wiki/SHA-2'>SHA-512</a> protocol).
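Review bot: The reworded Signature bullet calls SHA-512 a "protocol", but SHA-512 is a hash function, so the line still does not tell the destination how to check the signature. Suggest naming the signing construction that is actually used and where the signature is delivered (which header or field), so the receiver can recompute it over the POST body and compare. The inline anchor is also malformed: `<ahref='https://wikipedia.org/wiki/SHA-2'>` is missing the space between `a` and `href` and will not render as a link; a Markdown link, as used for the MDN references earlier in the file, would be consistent.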
@@ -374,10 +378,6 @@ This position refers to the list of commands availables after selecting some pro
374
378
For the moment, you can't use UI extensions with more than **500** selected products & product models.
375
379
:::
376
380
377
-
### Secret
378
-
A secret can be used for UI extensions of type `action`. If it is, this secret is used to sign (with <ahref='https://wikipedia.org/wiki/SHA-2'>SHA-512</a> protocol) the body of the POST request sent to the destination.
379
-
380
-
381
381
### Url
382
382
All types of UI extensions must have a configured URL. However, the parameters that are sent—or can be sent—vary depending on the specific type of extension.
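Review bot: Removing the `### Secret` section leaves the `secret` option without a reference section alongside `### Url`, even though this same commit makes `secret` mandatory for `iframe` extensions and keeps it for `action` extensions. Suggest keeping the heading and rewriting it to cover both uses (the JWT sent to iframes, the signed POST body for actions) instead of deleting it. The old Signature bullet linked to `#secret`, so it is worth checking the rest of the file for other links to that anchor before it disappears.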