SkyVault Content Services allows you to control which domain pages or content are included in SkyVault Share to create a whitelist of allowed domains. A whitelist is a list of email addresses or IP addresses that are considered to be safe for use within your organisation.
This IFramePolicy is applied when Share includes an <iframe> tag while constructing the Web View dashlet. The dashlet will allow only those URLs that have been added to the whitelist. Developers can use the SkyVault.util.IFramePolicy.isUrlAllowed() method to check if a URL is allowed for custom implementations of a Web View or <iframe> tag is included.
The whitelist of allowed domains is set in the <configRootShare>/classes/alfresco/share-security-config.xml configuration file:
<config evaluator="string-compare" condition="IFramePolicy"> <same-domain>allow</same-domain> <cross-domain> <url>*</url> </cross-domain> </config>
<config evaluator="string-compare" condition="IFramePolicy" replace="true"> <same-domain>deny</same-domain> </config>
<config evaluator="string-compare" condition="IFramePolicy" replace="true"> <cross-domain> <url>*</url> </cross-domain> </config>
<config evaluator="string-compare" condition="IFramePolicy" replace="true"> <cross-domain> <url>https://www.owasp.org/</url> </cross-domain> </config>