Last modified by Aurelie Bertrand on 2026/06/22 14:22

{{toc/}}

----

When a DigDash dashboard is embedded in a web page hosted on a different server, the browser blocks the resulting cross-origin requests as a security measure.

To allow portlets or dashboards to be displayed on a third-party domain, the following configuration steps must be carried out.

(% class="box infomessage" %)
(((
**ℹ** All the steps below must be carried out on the source server hosting the DigDash portlets or dashboards (e.g. mydashboard.com). The site displaying the portlets or dashboards (e.g. mywebsite.com) requires no specific configuration, other than being correctly listed in the source server’s permissions.
)))

= Web Server Configuration (Nginx) =

This step enables the browser to accept responses from the remote DigDash server (the site hosting the dashboard).

== Defining authorised domains ==

In the Nginx configuration file for the site hosting the dashboard, use a `map` block to list the trusted origins. This block must be placed before the `server {}` block or at the start of your configuration file.

{{code language="nginx"}}
# Echo the Origin request header back only when it is one of the trusted origins.
# Any other origin gets an empty value, so no Access-Control-Allow-Origin header is sent.
map $http_origin $cors_origin {
    default "";
    "https://mywebsite.com" $http_origin;
    "https://mydashboard.com" $http_origin;
}
{{/code}}

== Adding Security Headers ==

Within the `server {}` block of your site hosting the dashboard, add the following directives to authorise access and manage cookies:

{{code language="nginx"}}
# 1. Dynamic Origin Authorization
add_header Access-Control-Allow-Origin $cors_origin always;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS" always;
add_header Access-Control-Allow-Headers "Content-Type, Authorization, x-gwt-module-base, x-gwt-permutation, x-requested-with" always;
add_header Access-Control-Allow-Credentials "true" always;

# 2. Cookie management in embedded mode
# Rewrites the cookie path so that cookies set by the proxied server
# also carry the Secure and SameSite=None attributes.
location / {
    proxy_cookie_path / "/; Secure; SameSite=None;";
}
{{/code}}

(% class="box infomessage" %)
(((
💡 For the integration to work, the DigDash source server (which provides the portlets or dashboards) must be accessible via HTTPS.
)))

== Restarting the service ==

To apply the changes, check the configuration and reload Nginx:

{{code language="shell"}}
sudo nginx -t
sudo service nginx reload
{{/code}}

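To confirm the result after the reload, the following added example (not part of the DigDash documentation) checks response headers against the policy configured above: a listed origin is echoed back with credentials allowed, an unlisted origin receives no Access-Control-Allow-Origin header, and every cookie carries Secure and SameSite=None. The function names and the sample responses are constructed for illustration; the hostnames are the page's placeholders.

```shell
#!/bin/sh
# Added example: audit the CORS and cookie headers returned by the source server.
# Live use (the page's placeholder hosts):
#   curl -s -o /dev/null -D - -H "Origin: https://mywebsite.com" \
#     https://mydashboard.com/ | check_cors "https://mywebsite.com" allow

# Print the value(s) of header $1 found in the raw response headers on stdin.
header_values() {
  tr -d '\r' | awk -v name="$1" -F': *' '
    tolower($1) == tolower(name) { sub(/^[^:]*: */, ""); print }'
}

# check_cors ORIGIN allow|deny, headers on stdin. Returns 0 when the policy holds.
check_cors() {
  cc_headers=$(cat)
  cc_acao=$(printf '%s\n' "$cc_headers" | header_values Access-Control-Allow-Origin)
  cc_acac=$(printf '%s\n' "$cc_headers" | header_values Access-Control-Allow-Credentials)
  if [ "$2" = allow ]; then
    # With credentials the exact origin must be echoed once; "*" or a
    # duplicated header (two values) fails this comparison.
    [ "$cc_acao" = "$1" ] && [ "$cc_acac" = "true" ]
  else
    # Unlisted origins map to "", and Nginx skips add_header with an empty value.
    [ -z "$cc_acao" ]
  fi
}

# cookies_ok: every Set-Cookie on stdin must carry Secure and SameSite=None.
cookies_ok() {
  header_values Set-Cookie | awk '
    { c = tolower($0) }
    c !~ /; *secure/ || c !~ /; *samesite=none/ { bad = 1 }
    END { exit bad + 0 }'
}

# Constructed sample responses (not captured from a real server).
ALLOWED_RESP='HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://mywebsite.com
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=constructed; Path=/; Secure; SameSite=None; HttpOnly'
DENIED_RESP='HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true'

printf '%s\n' "$ALLOWED_RESP" | check_cors "https://mywebsite.com" allow \
  && echo "listed origin: OK"
printf '%s\n' "$DENIED_RESP" | check_cors "https://unlisted.example" deny \
  && echo "unlisted origin: OK"
printf '%s\n' "$ALLOWED_RESP" | cookies_ok && echo "cookie flags: OK"
```
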
= DigDash configuration =

After configuring the Nginx server, you must define the authorised URLs within the application to enable protection against CSRF attacks.

1. Edit the file **/etc/digdash/digdash.properties**
1. (((
Modify or add the following property:

{{code language="properties"}}
# List of domains separated by a comma
digdash_dashboard.PROP_CSRF_TARGET_ORIGIN=https://mywebsite.com,https://mydashboard.com
{{/code}}
)))

Alternatively, you can disable CSRF protection (not recommended):

{{code language="properties"}}
digdash_dashboard.PROP_CSRF_CHECK=false
{{/code}}

(% start="3" %)
1. Restart the DigDash server:(((
{{code language="shell"}}
sudo service tomcat10 restart
{{/code}}
)))