Plus - I'm a little weary of relying on Javascript redirects for anything important. For example, you could add some validation of the curl'd $data to make sure it's really what you want before displaying it - for example, test to make sure it's not a 404, and have alternate content of your own ready if it is. The upside, though, is it's more flexible.
Secondly, it is possible to apply row level security to the. Consider these things in the context of your own site. cedboumfrancois, Firstly, you can embed Power BI reports in Visualforce pages inside Salesforce following the guide in this blog, and in this blog, it uses Power BI embed which requires Power BI Premium license. This is just a MINIMAL example to illustrate the idea - it doesn't sanitize the URL, nor would it prevent someone else using the redirect.php for their own purposes. I know this is an old post, but another solution would be to use cURL, for example: Access Trailhead, your Trailblazer profile, community, learning, original series, events, support, and more. Also note that these 'hacks' may become obsolete over time. Note, that you can disable this security measure in most browsers (yourself, not for others). There are no completely kosher ways around this security risk so the above are just current work arounds. The real issue is that having http elements inside a https site represents a security issue. Unless you can get the http site owner to create an ssl certificate, the most secure and permanent solution would be to create an RSS feed grabing the content you need (presumably you are not actually 'doing' anything on the http site -that is to say not logging in to any system). If for no other reason than it increases seo. Customers using the public clients apps (iOS/Android/web) authenticate to Auth0, while staff using Salesforce authenticate directly. The microsite will call a back-end API layer where operations are protected by OAuth 2.0. The third-party app must also support iFrame. You could/should also recommend to the http site owner that they create an ssl connection. The native apps will either use WebView or in-app-browser-tab, while the web app & Salesforce (Canvas) will use iframes. If the Salesforce app doesnt allow iFrame embedding, you cannot embed the app in an iFrame using Trusted Origins. Which has a simple js redirect script like.Īlternatively, you could add an RSS feed or write some reader/parser to read the http site and display it within your https site. Something like: (you can use any langauge/method) Use a Third party such as embed.ly (but it it really only good for well known http APIs).Ĭreate your own redirect script on an https page you control (a simple javascript redirect on a relative linked page should do the trick. The best solution I created is to simply use google as the ssl proxy.
Navigating or redirecting to an HTTP URL in an iframe embedded in an HTTPS page is not permitted by modern browsers, even if the frame started out with an HTTPS URL. Note: While this solution may have worked in some browsers when it was written in 2014, it no longer works.
0 kommentar(er)
