Univention Bugzilla – Bug 49004
Integrate ThirdParty Apps deeper in the Portal
Last modified: 2019-06-05 11:25:16 CEST
Created attachment 9928 [details] ThirdPartyInPortal I have received several requests to integrate apps deeper into the portal. The customer's idea is more often to overlay a menu bar or a home button to bring me back to the portal or other apps. See attached slides.
From security perspective this is complicated. Apps may (and should) block being visible in an I-Frame via the X-Frame-Options or Content-Security-Policy. This would also mean that a Cross Site Scripting vulnerability in the portal would affect also the content of the app. I don't know if app vendors would like this.
(In reply to Florian Best from comment #1) > From security perspective this is complicated. Apps may (and should) block > being visible in an I-Frame via the X-Frame-Options or > Content-Security-Policy. > This would also mean that a Cross Site Scripting vulnerability in the portal > would affect also the content of the app. I don't know if app vendors would > like this. Okay. I don't necessarily see that for all apps either. I also see this as an option that a portal operator can "turn on". Are there any other options besides via I-frame? Import or include tags?
(In reply to Michel Smidt from comment #2) > Okay. I don't necessarily see that for all apps either. I also see this as > an option that a portal operator can "turn on". > Are there any other options besides via I-frame? Import or include tags? The only alternative to frames/iframes is opening as a pop up (window/tab with certain size).