Document toolboxDocument toolbox

WMC Content within iFrame

iFrames allow Affiliates to embed WMC order forms onto external websites. Below we’ll outline instructions and best practices for embedding order forms onto your sites.

Domains

WMC added a security implementation (documentation: frame-ancestors in CSP ⟶ Allowing / Blocking iframes from Loading) so that ONLY whitelisted domains can load WMC content pages on an iFrame.

IMPT: Need to check with WMC team to make sure the domains (external) you want to use for the iFrame have been whitelisted. If they have not, the order form will NOT load in the iFrame.

Using Non-Whitelisted Domains

Any iFrame that is loaded on any external domain that is NOT whitelisted will have the following header. This will prevent the page from loading and result in a 404 error.

frame-ancestors 'self'

Phase 1 Recommendation:

Phase 1 Instructions:

  • Once the effort is created in WMC, use the effort link (located at the bottom of the ‘edit’ effort screen) when setting up the iFrame on your external website

    • Will use a transaction domain

  • Sandboxing will be handled by WMC (adding sandbox and attributes to the headers)

    • NO ACTION is needed/suggested from the Affiliates, as it will break the functionality.

    • Any content loaded from within these domains, will have the following tags on the response header:

sandbox allow-forms allow-scripts allow-same-origin allow-popups

 

 

com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'html-macro' is unknown.