Has something changed with the latest version to affect above?
Since updating I've noticed that I now get message on instances where I've embed appgini into websites:
Quote
This content can’t be shown in a frame
There is supposed to be some content here, but the publisher doesn’t allow it to be displayed in a frame. This is to help protect the security of any information you might enter into this site.
UnQuote
Previously it used to run without issue or blocking etc. This only happens on projects that I re-publish in the newest version of AppGini.
Cheers,
Embedding AppGini into website
Embedding AppGini into website
Ron - Gloucestershire, UK: AppGini Pro V 23.15 Rev 1484 - LOVING IT!
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course
Re: Embedding AppGini into website
It's ok I found it in datalist.php :
function set_headers(){
@header('Content-Type: text/html; charset=' . datalist_db_encoding);
@header('X-Frame-Options: SAMEORIGIN'); // prevent iframing by other sites to prevent clickjacking
}
Then read up about it here: https://www.owasp.org/index.php/Clickja ... eat_Sheet
Ohh well better to be safer than sorry, damn they spoil everything!!! Glad to see AppGini are trying to protect us.
Cheers,
function set_headers(){
@header('Content-Type: text/html; charset=' . datalist_db_encoding);
@header('X-Frame-Options: SAMEORIGIN'); // prevent iframing by other sites to prevent clickjacking
}
Then read up about it here: https://www.owasp.org/index.php/Clickja ... eat_Sheet
Ohh well better to be safer than sorry, damn they spoil everything!!! Glad to see AppGini are trying to protect us.
Cheers,
Ron - Gloucestershire, UK: AppGini Pro V 23.15 Rev 1484 - LOVING IT!
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course
Re: Embedding AppGini into website
I haven't actually tried V5.70 yet so I am guessing at this but.....
X-Frame-Options to prevent clickjacking must have been added to the new Appgini code output.
It is actually a good thing from a security point of view and one of the basics in penetration testing of databases.
You can read more here: https://developer.mozilla.org/en-US/doc ... me-Options
or here: https://www.owasp.org/index.php/Clickja ... heat_Sheet
If you really must use an iframe, I would search the code and look for "X-Frame-Options" (most likely in the @header options in incCommon.php or perhaps the header files?)
Change from X-Frame-Options: DENY to one of the other options to suit your situation.
If that's not the issue - then I'm not sure what else has been added....? I'll hopefully give V5.70 a go in the next few weeks.
X-Frame-Options to prevent clickjacking must have been added to the new Appgini code output.
It is actually a good thing from a security point of view and one of the basics in penetration testing of databases.
You can read more here: https://developer.mozilla.org/en-US/doc ... me-Options
or here: https://www.owasp.org/index.php/Clickja ... heat_Sheet
If you really must use an iframe, I would search the code and look for "X-Frame-Options" (most likely in the @header options in incCommon.php or perhaps the header files?)
Change from X-Frame-Options: DENY to one of the other options to suit your situation.
If that's not the issue - then I'm not sure what else has been added....? I'll hopefully give V5.70 a go in the next few weeks.
Re: Embedding AppGini into website
Wow, must have posted at the same time. Pity, should have waited and I could have saved myself some time typing the reply...
Re: Embedding AppGini into website
Lol, but still appreciate your taking the time to respond
Ron - Gloucestershire, UK: AppGini Pro V 23.15 Rev 1484 - LOVING IT!
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course
Plugins: Mass Update + Search Page Maker + Summary Reports + Calendar + Messages
Bizzworxx: AppGiniHelper + Inline Detail View
Alejandro Landini: To-Do List + MPI + TV Field Editor
Other: Udemy Course
Re: Embedding AppGini into website
X-Frame-Options: SAMEORIGIN still allows you to embed your AppGini app in an iframe, but the containing page must be hosted on the same domain.
AppGini plugins to add more power to your apps:
- DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
- Mass Update plugin: Update multiple records at once and improve your workflow efficiency.
- Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.