Updated on 2025-03-24 GMT+08:00

Configuring Content Security Policies

Enable this function if a large screen page is embedded into a third-party system (for example, in an iframe) and cross-domain access is involved. A content security policy reduces and reports cross-site scripting (XSS) attacks. In addition to restricting the domains that can load content, you can specify which protocols may be used, which mitigates packet sniffing attacks.

Setting Content Security Policies

  1. Create a large screen page. For details, see Creating a Page.
  2. On the large screen development page, click in the upper part of the page to save the page.
  3. After the settings are saved, click in the upper part of the page to publish the page.
  4. Publish the link.

    Figure 1 Publishing the link

  5. In Access Restrictions, configure a content security policy.

    For example, to embed the "City A Traffic Management" large screen into a third-party system, configure the policy as shown in Figure 2.

    Figure 2 Security policy setting example

    In the preceding figure, frame-ancestors is fixed (it is the name of the policy directive), and Domain Names is the domain name of the third-party system into which the large screen is embedded. Another typical scenario is embedding a large screen into a local file, as shown in Figure 3.

    Figure 3 Embedding a large screen into a local file

  6. Log in to the third-party system and add <iframe src="URL"></iframe> to Elements.

    Figure 4 Adding a large screen access address

    URL indicates the access address of the large screen to be embedded. On the large screen publishing page, click to obtain the URL, as shown in Figure 5.

    Figure 5 Obtaining the URL of the large screen
    Figure 6 Large screen embedding effect

    If you preview the page in traceless (incognito) mode, ensure that Block third-party cookies is disabled in the browser. Otherwise, the page cannot be previewed.
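
To check a policy from step 5 before handing the URL to the third-party system, the sketch below evaluates a frame-ancestors value against the origin of the embedding page. It is an added example, not code from Astro Canvas; it assumes the setting is delivered as a standard Content-Security-Policy header, implements a simplified subset of CSP source matching, and uses constructed placeholder domains.

```javascript
// Added example: simplified frame-ancestors matching, not a full CSP implementation.
const DEFAULT_PORT = { http: '80', https: '443' };

function matchSource(src, parent, page) {
  if (src === "'none'") return false;
  if (src === "'self'") return parent.origin === page.origin;
  if (src === '*') return /^https?:$/.test(parent.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return parent.protocol === src; // scheme-source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^:\/]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(src);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // Scheme: an explicit one must match (http also admits https);
  // with none given, the embedded page's own scheme is required.
  const want = scheme || page.protocol.slice(0, -1);
  const have = parent.protocol.slice(0, -1);
  if (have !== want && !(want === 'http' && have === 'https')) return false;
  // Host: "*.example.org" matches subdomains only, never example.org itself.
  const hostOk = host.startsWith('*.')
    ? parent.hostname.endsWith(host.slice(1))
    : parent.hostname === host;
  if (!hostOk) return false;
  // Port: when the source names none, the scheme's default port is required.
  const parentPort = parent.port || DEFAULT_PORT[have];
  return port === '*' || parentPort === (port || DEFAULT_PORT[have]);
}

// May a page at parentUrl frame the large screen at pageUrl, given its CSP header value?
function frameAncestorsAllows(cspHeader, parentUrl, pageUrl) {
  const directive = cspHeader.split(';')
    .map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === 'frame-ancestors');
  if (!directive) return true; // no frame-ancestors directive: CSP does not restrict framing
  const parent = new URL(parentUrl);
  const page = new URL(pageUrl);
  return directive.slice(1).some(s => matchSource(s.toLowerCase(), parent, page));
}

// Constructed sample values (placeholders, not taken from the page).
const PAGE = 'https://canvas.example.net/screen/1';
const POLICY = 'frame-ancestors https://portal.example.com *.intranet.example.org';
for (const parent of ['https://portal.example.com/dash', 'https://intranet.example.org/',
  'https://app.intranet.example.org/', 'http://portal.example.com/']) {
  console.log(parent, frameAncestorsAllows(POLICY, parent, PAGE));
}
```

A wildcard entry does not cover the bare domain, and an https entry does not cover the same host over http, so list each embedding origin exactly as the third-party system serves it.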