Embedding AppGini into website

ronwill
Veteran Member
Posts: 228
Joined: 2015-08-08 10:12
Location: Cheltenham UK +Weatherford USA

Embedding AppGini into website

Post by ronwill » 2018-02-19 19:51

Has something changed with the latest version to affect above?

Since updating I've noticed that I now get a message in instances where I've embedded AppGini into websites:

Quote
This content can’t be shown in a frame
There is supposed to be some content here, but the publisher doesn’t allow it to be displayed in a frame. This is to help protect the security of any information you might enter into this site.
UnQuote

Previously it used to run without issue or blocking etc. This only happens on projects that I re-publish in the newest version of AppGini.

Cheers,
Ron - Gloucestershire, UK: AppGini Pro V 23.15 Rev 1484 - LOVING IT!
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course

ronwill
Veteran Member
Posts: 228
Joined: 2015-08-08 10:12
Location: Cheltenham UK +Weatherford USA

Re: Embedding AppGini into website

Post by ronwill » 2018-02-20 00:42

It's OK, I found it in datalist.php:

function set_headers(){
    @header('Content-Type: text/html; charset=' . datalist_db_encoding);
    @header('X-Frame-Options: SAMEORIGIN'); // prevent iframing by other sites to prevent clickjacking
}

Then read up about it here: https://www.owasp.org/index.php/Clickja ... eat_Sheet

Ohh well better to be safer than sorry, damn they spoil everything!!! Glad to see AppGini are trying to protect us.

Cheers,

peebee
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Embedding AppGini into website

Post by peebee » 2018-02-20 00:46

I haven't actually tried V5.70 yet so I am guessing at this but.....

X-Frame-Options to prevent clickjacking must have been added to the new AppGini code output.

It is actually a good thing from a security point of view and one of the basics in penetration testing of databases.

You can read more here: https://developer.mozilla.org/en-US/doc ... me-Options

or here: https://www.owasp.org/index.php/Clickja ... heat_Sheet

If you really must use an iframe, I would search the code and look for "X-Frame-Options" (most likely in the @header options in incCommon.php or perhaps the header files?)

Change from X-Frame-Options: DENY to one of the other options to suit your situation.

If that's not the issue - then I'm not sure what else has been added....? I'll hopefully give V5.70 a go in the next few weeks.

peebee
AppGini Super Hero
Posts: 352
Joined: 2013-03-21 04:37

Re: Embedding AppGini into website

Post by peebee » 2018-02-20 00:47

Wow, must have posted at the same time. Pity, should have waited and I could have saved myself some time typing the reply... :-)

ronwill
Veteran Member
Posts: 228
Joined: 2015-08-08 10:12
Location: Cheltenham UK +Weatherford USA

Re: Embedding AppGini into website

Post by ronwill » 2018-02-25 14:59

Lol, but still appreciate your taking the time to respond

a.gneady
Site Admin
Posts: 1281
Joined: 2012-09-27 14:46

Re: Embedding AppGini into website

Post by a.gneady » 2018-02-28 11:49

X-Frame-Options: SAMEORIGIN still allows you to embed your AppGini app in an iframe, but the containing page must be hosted on the same domain.
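Added example (not from any post in this thread and not AppGini's generated code): when the containing page has to live on a different domain, the usual alternative to deleting the X-Frame-Options line is a Content-Security-Policy frame-ancestors allowlist, which per the CSP specification takes precedence over X-Frame-Options in browsers that support it. The function names and the origins listed are hypothetical placeholders.

```php
<?php
// Added example, not AppGini code. The origins below are constructed
// placeholders: list only the sites that are allowed to frame the app.
const ALLOWED_FRAME_PARENTS = [
    'https://www.example.com',
    'https://intranet.example.org',
];

/**
 * Return the origin (scheme://host[:port]) in lower case if it is a
 * well-formed http(s) origin, or null otherwise. Rejecting spaces, ';',
 * paths and CR/LF keeps a bad entry from adding directives or header lines.
 */
function normalize_origin(string $origin): ?string {
    if (!preg_match('~^https?://[a-z0-9.-]+(:\d{1,5})?\z~i', $origin)) {
        return null;
    }
    return strtolower($origin);
}

/** Build the framing headers from an allowlist of parent origins. */
function framing_headers(array $allowedParents): array {
    $sources = ["'self'"];
    foreach ($allowedParents as $origin) {
        $clean = normalize_origin($origin);
        if ($clean !== null) {
            $sources[] = $clean;
        }
    }
    return [
        // Enforced by browsers that support CSP frame-ancestors.
        'Content-Security-Policy: frame-ancestors ' . implode(' ', array_unique($sources)),
        // Browsers without frame-ancestors support fall back to same-origin only.
        'X-Frame-Options: SAMEORIGIN',
    ];
}

/** Send the headers; call before any output, where set_headers() runs. */
function send_framing_headers(array $allowedParents = ALLOWED_FRAME_PARENTS): void {
    foreach (framing_headers($allowedParents) as $line) {
        header($line);
    }
}

// From the CLI, print the header lines instead of sending them.
if (PHP_SAPI === 'cli') {
    echo implode(PHP_EOL, framing_headers(ALLOWED_FRAME_PARENTS)), PHP_EOL;
}
```

Any site not on the list still gets the "can't be shown in a frame" message, so the clickjacking protection stays in place for everyone except the named parents.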
