-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SDK Does not support multiple delivery URLs #83
Comments
Hi Matt, thanks for reporting an issue :) This error message is, in fact, not related to the implementation of the Smart Link SDK. For security reasons, Kontent checks the origin of all incoming iframe messages and compares it with the provided preview URLs. Web Spotlight is not the only place where we use that check, for example, the origin of custom element messages is checked too. A possible workaround to this approach would be to initialize the SDK in another iframe on your website, where the website itself would act as a middleware for exchanging messages between Kontent and the SDK iframe. This is further described in a separate issue in the SDK's repository: #16 We will try to find a solution to your problem (and we will consider adding some kind of secret to communication). |
Hi @vladbulyukhin the issue we are experiencing is almost identical to what Matt posted. I was looking to get a bit more clarity on what the workaround implementation might look like. In terms of your proposed solution, would I be correct in that the content of the "proxy" iframe would need to be hosted on the same domain as the original preview url? |
The important thing is for the URL of the first iframe to match the preview URL set in the project settings in Kontent. The content of the internal iframe can then be hosted on a different domain. |
Understood, thanks @vladbulyukhin |
Brief bug description
What went wrong?
When developing an application with multiple URLs endpoints for the web, we need the ability to use SmartLink on different domains. In my scenario, I'm using an Azure Function to determine which URL should be used to preview content based primarily on the collection that the content belongs to. This performs a 302 redirect to the correct URL.
The issue then arises that Smark Link forces the origin and the preview URL to match. If they do not, an error is raised and the SmartLink SDK will not render. This is not compatible with the omnichannel narrative and ties Kontent to only being capable of supporting a single web application.
Repro steps
Expected behavior
SmartLink should open regardless of the different origin.
Test environment
Additional context
Other use cases here/scenarios are being able to provide a customer support portal, consumer-facing and B2B web application from the same project in Kontent.
If the concern/reason for this restriction is related to security, I'd rather make a 'secret' available in my applications that can be validated that the current implementation or the ability to add preview URL aliases. Simply preventing it (and also not documenting that limitation as far as I can see) is making working with Web Spotlight less of a delight than it could/should be :)
Screenshots
Add links to screenshots, if possible.
My preview URL for the above image looks like this:
https://gr-schedule.azurewebsites.net/api/gr-preview-url?secret=1234&cn={Codename}&col={Collection}&l={Lang}&url={URLSlug}
The text was updated successfully, but these errors were encountered: