FORUM CTRLX AUTOMATION
ctrlX World Partner Apps for ctrlX AUTOMATION
Dear Community User! We are updating our platform to a new
system.
Read more: Important
information on the platform change.
06-20-2024 06:28 PM
Hello,
I am attempting to display information from a 3rd party webserver via an iframe in my WebIQ project(2.15.7). I believe I need to set some HTTP headers to allow for the connection to the external web server. WebIQ feature 3476 from the 2.13.0 release states the CORS headers can now be configured for the WebIQ server. How do I configure these?
Solved! Go to Solution.
06-21-2024 08:22 AM
This is actually not a question about WebIQ, but about web technology in general, because WebIQ doesn't embed any websites, it just tells the browser where to load a document from through the URL - the browser then loads the URL. Opening the browser's developer tools usually by pressing F12 will also tell you exactly where the problem is:
Also, you are confusing source and target here: the feature you mention is about allowing embedding of a WebIQ HMI into another website, not vice versa.
For security reasons the website to be embedded has to allow the embedding, because that's the way to secure the internet (as such you can configure this for WebIQ if you want to embed a WebIQ HMI in another website). You cannot embed facebook.com in an iFrame on any website, but you can embed example.com - which is because example.com allows that whereas facebook.com doesn't allow it.
Please see here for more information:
You will find a lot of answers on this online, because it's a general web security feature affecting every website.
06-21-2024 03:34 PM
Hello @webiq-sk,
Thank you for the information.
You are correct, I was mixing up the target and source. However, I am working on both cases right now: embedding a WebIQ visualization inside another website and embedding another website inside WebIQ. How do I configure the feature in WebIQ that allows it to be embedded elsewhere?
06-21-2024 03:45 PM
You can set this per HMI in .db/project.json:
"http": {
"additionalHeaders": {},
"contentSecurityPolicy": {},
"cors": {
"allowHeaders": [],
"allowPrivateNetworkAccess": false,
"origins": []
},
"hideServerTokens": true,
"preventMimeSniffing": true,
"spoofServerTokens": null,
"xFrameOptions": null
},
Here is an example - this has of course to be adapted to what you want to allow - the attributes are named according to the web standard:
{
"http": {
"cors": {
"origins": [
"http://127.0.0.1:10123",
"http://127.0.0.1:10124"
],
"allowHeaders": [
],
"allowPrivateNetworkAccess": false
},
"contentSecurityPolicy": {
"default-src": [
"self"
]
},
"additionalHeaders": {
}
},
"version": 1
}
06-21-2024 03:51 PM
xFrameOptions: according to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
e.g. "DENY" or "SAMEORIGIN"
06-21-2024 04:15 PM
Do I need to manually create the '.db' directory and 'project.json' file in the project root directory? I haven't found either of these when searching the project directory.
06-21-2024 04:33 PM
Every WebIQ project always contains the .db directory and a project.json, otherwise it would not work at all.
Please check the visibility setting in File Explorer.
06-21-2024 04:40 PM
I was looking in my WebIQ Designer folder. I exported the project and unzipped, now I see the relevant file and directory.
Thank you for the help.