iFrame Control

  • Overview

    The iFrame Control module authorizes domains to be used in iframes within the system.

    If you want to allow your users to use iframes 2 things must happen. First profiles that are allowed to use iframes must have 'iframe' added to their "Allowed HTML Tags" setting for the quota that they are in.

    And second that the domain they use must be authorized by the iFrame Control module.

    Only domains listed in the iframe control module are allowed to be embeded.
  • Allowed iFrame Domains

    When you want to allow a domain to provide content via iframe, first that domain must be authorized by adding it to the Allowed Domains.

    For example if one of your users wanted to add a google calendar, then google would provide the code:
    <iframe src="https://calendar.google.com/calendar/embed?src=en.japanese%23holiday%40group.v.calendar.google.com&ctz=Asia/Tokyo" style="border: 0" width="800" height="600" frameborder="0" scrolling="no"></iframe>

    The domain of which is:
  • screenshot of the Allowed Domains tab of the iframe control module
  • The second step, allow iframe

    Once you have listed up all the domains that are considered allowed domains, then go to the QUOTA CONFIG tab of the system core module.

    and add the iframe tag to "Allowed HTML Tags" of the profiles that are allowed to add iframes.
  • If your main site URL is SSL (starts with https) then any URLs in your iframe src variable need to be https as well, otherwise your website will give errors and may not work.