I'm wondering, with all the restrictions, what the function of the previewer as a portal to custom functionality will be. I was testing some external tooling to embed via the previewer.

<iframe data-testid="previewer__setting-url" src="https://******/boards/1364237053117597402" sandbox="allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox" class="tsf-emotion-97u7f4"></iframe>

 

Apparently some things are allowed, whilst others are not.

Blocked form submission to '' because the form's frame is sandboxed and the 'allow-forms' permission is not set.

 

Is there an overview of what will work in a previewer and what not? I know I can test everything and find out, but wouldn't it be easier to share your thoughts on restrictions and allowed functions? 

Anyway, why are form submissions blocked?  And can I unblock them?

Hi @Freddy,

Can you please create a TCP ticket for allow-forms?
I think we can allow this in the preview component, but we need to do some further research whether it poses a security risk.

And as for further restrictions of the preview component, it disallows the following as they pose security risks:

  • Accessing the parent document (so Universal itself), meaning if a page embedded in the iframe wants to e.g. read or change elements in Universal, this isn't possible.
  • Changing the URL of the parent document (Universal)

Furthermore, depending on your CSP configuration, there could be extra limitations in place.

Thanks in advance!

Kind regards,
Leroy Witteveen
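
An added example, not part of the original thread or of the product's own code: a small JavaScript audit of the sandbox value on the previewer iframe quoted in the question. It lists which standard HTML sandbox keywords are present and which features therefore stay blocked, including the form submission from the error message. The function and constant names are assumptions made for this illustration.

```javascript
// Sandbox keywords defined by the HTML standard and the feature each one re-enables.
const SANDBOX_TOKENS = new Map([
  ["allow-downloads", "file downloads"],
  ["allow-forms", "form submission"],
  ["allow-modals", "alert/confirm/prompt dialogs"],
  ["allow-orientation-lock", "screen orientation lock"],
  ["allow-pointer-lock", "Pointer Lock API"],
  ["allow-popups", "window.open and target=_blank"],
  ["allow-popups-to-escape-sandbox", "popups that open without the sandbox"],
  ["allow-presentation", "Presentation API"],
  ["allow-same-origin", "keeping the embedded page's real origin (cookies, storage)"],
  ["allow-scripts", "JavaScript execution"],
  ["allow-top-navigation", "navigating the parent (top-level) window"],
  ["allow-top-navigation-by-user-activation", "navigating the parent after a user gesture"],
  ["allow-top-navigation-to-custom-protocols", "navigating the parent to non-http(s) schemes"],
]);

// Hypothetical helper: classify every keyword as allowed or blocked for a sandbox value.
function auditSandbox(attr) {
  // Keywords are whitespace separated and matched case-insensitively.
  const present = new Set(attr.trim().toLowerCase().split(/\s+/).filter(Boolean));
  const allowed = [], blocked = [], warnings = [];
  for (const [token, feature] of SANDBOX_TOKENS) {
    (present.has(token) ? allowed : blocked).push(`${token}: ${feature}`);
  }
  // Anything not in the table above is ignored by browsers; report it as a likely typo.
  const unknown = [...present].filter((t) => !SANDBOX_TOKENS.has(t));
  if (present.has("allow-scripts") && present.has("allow-same-origin")) {
    warnings.push("allow-scripts with allow-same-origin is only safe for cross-origin content: " +
      "a page served from the host's own origin could remove the sandbox attribute");
  }
  if (present.has("allow-popups-to-escape-sandbox")) {
    warnings.push("windows opened by the frame are not sandboxed");
  }
  return { allowed, blocked, unknown, warnings };
}

// The sandbox value copied from the previewer iframe in the question.
const PREVIEWER_SANDBOX =
  "allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox";
console.log(JSON.stringify(auditSandbox(PREVIEWER_SANDBOX), null, 2));
```

For the previewer's value, `allow-forms` and the `allow-top-navigation` keywords land in `blocked`, which matches the console error and the restriction on changing the parent URL described above.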


Done: 10372S


@Freddy Some more context: please know that we're looking into getting the Custom components in the Software Factory working with the Universal GUI. One of the things we're reviewing is whether or not we need to make a distinction between a Previewer component and a Custom component, the latter allowing more functionality. This is undecided just yet, but it's on the radar to investigate how to make it easier to interact between Custom components and the Universal GUI.


Hi @Arie V, is there any chance my ticket can get some priority to have the form submit working in the short term?


@Freddy If there’s a good reason for priority, you should raise Urgency, add a Milestone, and an Explanation of the milestone to the TCP ticket 😉


Put the ticket on Urgent, but cannot add the milestone and explanation. I added it in a comment.

