Skip to content

Latest commit

 

History

History
31 lines (19 loc) · 1.39 KB

allowlist-service-d04a6d4.md

File metadata and controls

31 lines (19 loc) · 1.39 KB

Allowlist Service

SAPUI5 supports the configuration of a central allowlist service.

frameOptions uses the allowlist service to determine whether the application should run in the parent origin or not. The allowlist service call uses the parent origin as URI parameter (URL encoded) as follows:

GET url/to/allowlist/service?parentOrigin=https://parent.domain.com

The service responds to the request with a valid JSON:

{
    "version" : "1.0",
    "active"  : true | false,                   // defines if entry is active (if not, framing will be allowed per default)
    "origin"  : "<same as passed to service>",
    "framing" : true | false                    // if active, describes if framing should be allowed (see FrameOptions)
}

Related Information

Frame Options

Configuration Options and URL Parameters