Wiki source code of Configuration de l'intégration multi-domaines
Last modified by Aurelie Bertrand on 2026/06/22 14:22
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
| |
11.1 | 1 | {{toc/}} |
| |
1.1 | 2 | |
| |
11.1 | 3 | ---- |
| 4 | |||
| |
19.1 | 5 | When a DigDash dashboard is embedded in a web page hosted on a different server, the browser blocks requests as a security measure. |
| |
1.1 | 6 | |
| |
19.1 | 7 | To allow portlets or dashboards to be displayed on a third-party domain, the following configurations must be carried out. |
| |
1.1 | 8 | |
| |
10.1 | 9 | (% class="box infomessage" %) |
| 10 | ((( | ||
| |
19.1 | 11 | **ℹ **All the steps below must be carried out on the source server hosting the DigDash portlets or dashboards (e.g. mydashboard.com). The site displaying the portlets or dashboards (e.g. mywebsite.com) requires no specific configuration, other than being correctly listed in the source server’s permissions. |
| |
10.1 | 12 | ))) |
| 13 | |||
| |
19.1 | 14 | = Web Server Configuration (Nginx) = |
| |
1.1 | 15 | |
| |
19.1 | 16 | This step enables the browser to accept responses from the remote DigDash server (the site hosting the dashboard): |
| |
1.1 | 17 | |
| |
19.1 | 18 | == Defining authorised domains == |
| |
1.1 | 19 | |
| |
19.1 | 20 | In the Nginx configuration file for the site hosting the dashboard, use a `map` block to list the trusted origins. This block must be placed before the `server {}` block or at the start of your configuration file. |
| |
1.1 | 21 | |
| 22 | {{code language="nginx"}} | ||
| 23 | map $http_origin $cors_origin { | ||
| |
6.1 | 24 | default ""; |
| 25 | "https://mywebsite.com" $http_origin; | ||
| 26 | "https://mydashboard.com" $http_origin; | ||
| |
1.1 | 27 | } |
| 28 | {{/code}} | ||
| 29 | |||
| |
19.1 | 30 | == Adding Security Headers == |
| |
1.1 | 31 | |
| |
19.1 | 32 | Within the `server {}` block of your site hosting the dashboard, add the following directives to authorise access and manage cookies: |
| |
1.1 | 33 | |
| |
2.1 | 34 | {{code language="nginx"}} |
| |
19.1 | 35 | # 1. Dynamic Origin Authorization |
| |
2.1 | 36 | add_header Access-Control-Allow-Origin $cors_origin always; |
| 37 | add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always; | ||
| 38 | add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-gwt-module-base, x-gwt-permutation, x-requested-with" always; | ||
| 39 | add_header Access-Control-Allow-Credentials "true" always; | ||
| |
1.1 | 40 | |
| |
19.1 | 41 | # 2. Cookie management in embedded mode |
| |
2.1 | 42 | location / { |
| 43 | proxy_cookie_path / "/; Secure; SameSite=None;"; | ||
| 44 | } | ||
| 45 | {{/code}} | ||
| |
1.1 | 46 | |
| |
14.1 | 47 | (% class="box infomessage" %) |
| |
2.1 | 48 | ((( |
| |
19.1 | 49 | 💡 For the integration to work, the DigDash source server (which provides the portlets or dashboards) must be accessible via HTTPS. |
| |
2.1 | 50 | ))) |
| |
1.1 | 51 | |
| |
19.1 | 52 | == Restarting the service == |
| |
1.1 | 53 | |
| |
19.1 | 54 | To apply the changes, check the configuration and reload Nginx: |
| |
1.1 | 55 | |
| |
8.1 | 56 | {{code language="shell"}} |
| 57 | sudo nginx -t | ||
| 58 | sudo service nginx reload | ||
| |
7.1 | 59 | {{/code}} |
| 60 | |||
| |
19.1 | 61 | = DigDash configuration = |
| |
7.1 | 62 | |
| |
19.1 | 63 | After configuring the Nginx server, you must define the authorised URLs within the application to enable protection against CSRF attacks. |
| |
7.1 | 64 | |
| |
19.1 | 65 | 1. Edit the file**/etc/digdash/digdash.properties** |
| |
1.1 | 66 | 1. ((( |
| |
19.1 | 67 | Modify or add the following property: |
| |
1.1 | 68 | |
| |
4.1 | 69 | {{code language="properties"}} |
| |
19.1 | 70 | # List of domains separated by a comma |
| |
4.1 | 71 | digdash_dashboard.PROP_CSRF_TARGET_ORIGIN=https://mywebsite.com,https://mydashboard.com |
| 72 | {{/code}} | ||
| 73 | ))) | ||
| |
1.1 | 74 | |
| |
19.1 | 75 | Alternatively, you can disable CSRF protection (not recommended): |
| |
1.1 | 76 | |
| |
4.1 | 77 | {{code language="properties"}} |
| 78 | digdash_dashboard.PROP_CSRF_CHECK=false | ||
| 79 | {{/code}} | ||
| |
1.1 | 80 | |
| |
7.1 | 81 | (% start="3" %) |
| |
19.1 | 82 | 1. Restart the DigDash server:((( |
| |
8.1 | 83 | {{code language="shell"}} |
| |
7.1 | 84 | sudo service tomcat10 restart |
| |
1.1 | 85 | |
| |
7.1 | 86 | {{/code}} |
| 87 | ))) |