Extension Menu Security and Query Paramaters

Edcel Ceniza Updated by Edcel Ceniza

When creating a new menu item and selecting Extension Menu, you should see an overwhelming number of checkboxes that refers to the extension menu item's security and query parameters.

Extension Menu Item Sandbox Restrictions

The portal will only be able to display sites which does not have X-Frame options or Content Security Policy (CSP) to allow your client portal to embed. Please read MDN Web Docs X-Frame-Options and Content Security Policy for more information.

Upon adding an external site as your extension menu, it will be fully sandboxed by default for security.

What is a sandbox?

Sandboxing applies extra restrictions to the content in the frame that you are embedding in your DeskDirector portal. You can read more about sandbox in iframes in this document from MDN web docs.

In simpler terms, it's meant to protect your DeskDirector users from triggering something from the external site you embedded that will compromise their experience. In DeskDirector, sandbox restrictions can be easily lifted at your discretion. As a general rule, only disable sandbox or relax sandbox when you have control over the extension site.

Lifting Restrictions via security templates

To save you the headache of having to research what each sandbox option does, you can easily lift the sandbox restrictions by using security templates.

  • I own the site, I know what I'm doing : This template will basically lift all restrictions - no holds barred. This means you trust everything that this site will do when embedded into your portal.
  • I know this site, I trust it : This template will allow majority of the restrictions, aside from allowing top navigations and allowing top navigation by user activation. If you wan then enabled, you can always tick them, or just select the first template.
  • I found this site, avoid exploits : This template disables both restrictions from above, plus allowing pop-ups to escape. This means that pop-ups can't open new windows.
  • I don't trust this site : This basically is opposite of the first template. All restrictions are in place for this option
Extension Menu Item Query Parameters

Query Parameters allow the portal to also pass through certain information inside the query parameters that can be reused by the embedded site. This can be very useful for different scenarios as this adds capability for more personalization to the content on the embedded site.

Example use case of query parameters:

  • Use the parameter "Contact Name" to say a simple greeting in the embedded webpage
  • Use the Contact Email parameter to check if the email address has been compromised (see https://haveibeenpwned.com/)
  • Use the Company Name parameter and have the embedded page open a feed/stream of news that relates to the company.

A working example is discussed here - Dynamic content based on logged in user

The possibilities are endless in using the query parameters to present a more personalized experience for your users.

How did we do?

Creating Menu Items

Adding BiggerBrains Menu Item