First Last Prev Next    This bug is not in your last search results.
Bug 49004 - Integrate ThirdParty Apps deeper in the Portal
Integrate ThirdParty Apps deeper in the Portal
Status: NEW
Product: UCS
Classification: Unclassified
Component: Portal
UCS 4.4
Other Mac OS X 10.1
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-15 11:02 CET by Michel Smidt
Modified: 2019-06-05 11:25 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
ThirdPartyInPortal (440.72 KB, application/vnd.oasis.opendocument.presentation)
2019-03-15 11:02 CET, Michel Smidt 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michel Smidt 2019-03-15 11:02:07 CET 
Created attachment 9928 [details]
ThirdPartyInPortal

I have received several requests to integrate apps deeper into the portal. The customer's idea is more often to overlay a menu bar or a home button to bring me back to the portal or other apps. See attached slides.
Comment 1 Florian Best univentionstaff 2019-03-15 12:15:03 CET 
From security perspective this is complicated. Apps may (and should) block being visible in an I-Frame via the X-Frame-Options or Content-Security-Policy.
This would also mean that a Cross Site Scripting vulnerability in the portal would affect also the content of the app. I don't know if app vendors would like this.
Comment 2 Michel Smidt 2019-03-15 12:30:01 CET 
(In reply to Florian Best from comment #1)
> From security perspective this is complicated. Apps may (and should) block
> being visible in an I-Frame via the X-Frame-Options or
> Content-Security-Policy.
> This would also mean that a Cross Site Scripting vulnerability in the portal
> would affect also the content of the app. I don't know if app vendors would
> like this.

Okay. I don't necessarily see that for all apps either. I also see this as an option that a portal operator can "turn on".
Are there any other options besides via I-frame?  Import or include tags?
Comment 3 Florian Best univentionstaff 2019-03-15 12:49:18 CET 
(In reply to Michel Smidt from comment #2)
> Okay. I don't necessarily see that for all apps either. I also see this as
> an option that a portal operator can "turn on".
> Are there any other options besides via I-frame?  Import or include tags?
The only alternative to frames/iframes is opening as a pop up (window/tab with certain size).
First Last Prev Next    This bug is not in your last search results.