Configuring multi-domain integration

Last modified by Aurelie Bertrand on 2026/06/22 14:22


When a DigDash dashboard is embedded in a web page hosted on a different server, the browser blocks the resulting cross-origin requests as a security measure (the same-origin policy).

To allow portlets or dashboards to be displayed on a third-party domain, the following configurations must be carried out.

ℹ All the steps below must be carried out on the source server hosting the DigDash portlets or dashboards (e.g. mydashboard.com). The site displaying the portlets or dashboards (e.g. mywebsite.com) requires no specific configuration, other than being correctly listed in the source server’s permissions.

Web Server Configuration (Nginx)

This step enables the browser to accept responses from the remote DigDash server (the site hosting the dashboard):

Defining authorised domains

In the Nginx configuration file for the site hosting the dashboard, use a `map` block to list the trusted origins. This block must be placed before the `server {}` block or at the start of your configuration file.

    # Origins not listed here map to "", and Nginx does not emit a header whose value is empty.
    map $http_origin $cors_origin {
        default "";
        "https://mywebsite.com"   $http_origin;
        "https://mydashboard.com" $http_origin;
    }

Adding Security Headers

Within the `server {}` block of your site hosting the dashboard, add the following directives to authorise access and manage cookies:

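    # 1. Dynamic Origin Authorization
    # Note: add_header directives set at server level are inherited by a location
    # only if that location declares no add_header of its own.
    add_header Access-Control-Allow-Origin      $cors_origin always;
    add_header Access-Control-Allow-Methods     "GET, POST, OPTIONS" always;
    add_header Access-Control-Allow-Headers     "Content-Type, Authorization, x-gwt-module-base, x-gwt-permutation, x-requested-with" always;
    add_header Access-Control-Allow-Credentials "true" always;

    # 2. Cookie management in embedded mode
    # SameSite=None lets the cookie be sent from the embedding site; browsers require Secure with it.
    location / {
        proxy_cookie_path / "/; Secure; SameSite=None;";
    }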

💡 For the integration to work, the DigDash source server (which provides the portlets or dashboards) must be accessible via HTTPS.

Restarting the service

To apply the changes, check the configuration and reload Nginx:

    sudo nginx -t
    sudo service nginx reload
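After the reload, it is worth confirming that only the listed origins are echoed back in `Access-Control-Allow-Origin`. The script below is an added example, not part of the DigDash documentation: the function names, the `https://unlisted.example` origin and the sample responses are constructed for illustration, and the allowed origins are copied from the `map` block above.

```shell
#!/bin/sh
# Added example, not DigDash code. Origins are copied from the page's map block.
ALLOWED_ORIGINS="https://mywebsite.com https://mydashboard.com"

# header_value NAME HEADERS: print the last value of header NAME (case-insensitive).
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | awk -v n="$1" '
        { i = index($0, ":") }
        i && tolower(substr($0, 1, i - 1)) == tolower(n) {
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); last = v
        }
        END { print last }'
}

# check_cors ORIGIN HEADERS: return 0 if the response headers match the policy
# for ORIGIN, 1 otherwise. The reason for a failure is printed on stdout.
check_cors() {
    acao=$(header_value access-control-allow-origin "$2")
    acac=$(header_value access-control-allow-credentials "$2")
    if [ "$acao" = "*" ]; then
        echo "wildcard origin is never valid together with credentials"; return 1
    fi
    for allowed in $ALLOWED_ORIGINS; do
        if [ "$1" = "$allowed" ]; then
            [ "$acao" = "$1" ] || { echo "listed origin not echoed: '$acao'"; return 1; }
            [ "$acac" = "true" ] || { echo "Allow-Credentials missing"; return 1; }
            return 0
        fi
    done
    # Unlisted origin: the map default "" must suppress the header entirely.
    [ -z "$acao" ] || { echo "unlisted origin got Allow-Origin: '$acao'"; return 1; }
    return 0
}

# Constructed sample responses (not captured from a real server).
RESP_LISTED='HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://mywebsite.com
Access-Control-Allow-Credentials: true'
RESP_UNLISTED='HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true'
RESP_REFLECTED='HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://unlisted.example
Access-Control-Allow-Credentials: true'

# Live use: check_cors "$o" "$(curl -sI -H "Origin: $o" https://mydashboard.com/)"
check_cors https://mywebsite.com "$RESP_LISTED" && echo "listed origin: ok"
check_cors https://unlisted.example "$RESP_UNLISTED" && echo "unlisted origin: ok"
check_cors https://unlisted.example "$RESP_REFLECTED" || echo "reflected origin: rejected"
```

A response shaped like `RESP_REFLECTED` means the server echoes origins that are not in the `map` block, which usually points to a second CORS rule elsewhere in the configuration.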

DigDash configuration

After configuring the Nginx server, you must define the authorised URLs within the application to enable protection against CSRF attacks.

  1. Edit the file `/etc/digdash/digdash.properties`
  2. Modify or add the following property:

    # List of domains separated by a comma
    digdash_dashboard.PROP_CSRF_TARGET_ORIGIN=https://mywebsite.com,https://mydashboard.com

Alternatively, you can disable CSRF protection (not recommended):

    digdash_dashboard.PROP_CSRF_CHECK=false

  3. Restart the DigDash server:

    sudo service tomcat10 restart