[Pkg-owncloud-commits] [owncloud-doc] 48/71: add browser console examples

David Prévot taffit at moszumanska.debian.org
Sun May 31 01:58:40 UTC 2015 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud-doc.

commit f198d2b4be9c420e5f3ee92ce3e31d88aeb69a1d
Author: Carla Schroder <carla at owncloud.com>
Date:   Thu Apr 23 13:39:09 2015 -0700

    add browser console examples
---
 admin_manual/configuration/external_sites.rst |  26 ++++++++++++++++++++++----
 admin_manual/images/external-sites-4.png      | Bin 0 -> 102623 bytes
 admin_manual/images/external-sites-5.png      | Bin 0 -> 111033 bytes
 3 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/admin_manual/configuration/external_sites.rst b/admin_manual/configuration/external_sites.rst
index 415cba8..e8cd580 100644
--- a/admin_manual/configuration/external_sites.rst
+++ b/admin_manual/configuration/external_sites.rst
@@ -10,8 +10,10 @@ Sites app, as this screenshot shows.
 
    *Click to enlarge*
 
-This is a useful tool for quick access to important Web pages such as the 
-ownCloud manuals, and informational pages for your company.
+This is useful for quick access to important Web pages such as the 
+ownCloud manuals and informational pages for your company, and for presenting 
+external pages inside your custom ownCloud branding, if you use your own custom 
+themes.
 
 The External sites app is included in all versions of ownCloud. Go to **Apps >  
 Not Enabled** to enable it. Then go to your ownCloud Admin page to create your 
@@ -35,5 +37,21 @@ to protect Web surfers from dangerous links, and safety apps like
 `Privacy Badger <https://www.eff.org/privacybadger>`_ and ad-blockers may block 
 embedded pages. It is strongly recommended to enforce HTTPS on your ownCloud 
 server; do not weaken this, or any of your security tools, just to make 
-embedded Web pages work. It is recommended to link only to pages that do not 
-require logins, because of the risk of clickjacking in IFrames.
\ No newline at end of file
+embedded Web pages work. After all, you can freely access them outside of 
+ownCloud.
+
+Most Web sites that offer login functionalities use the ``X-Frame-Options`` or 
+``Content-Security-Policy`` HTTP header which instructs browsers to not 
+allow their pages to be embedded for security reasons (e.g. "Clickjacking"). You 
+can usually verify the reason why embedding the website is not possible by using 
+your browser's console tool. For example, this page has an invalid SSL 
+certificate.
+
+.. figure:: ../images/external-sites-4.png
+
+On this page, X-Frame-Options prevents the embedding.
+
+.. figure:: ../images/external-sites-5.png
+
+There isn't much you can do about these issues, but if you're curious you can 
+see what is happening.
\ No newline at end of file
diff --git a/admin_manual/images/external-sites-4.png b/admin_manual/images/external-sites-4.png
new file mode 100644
index 0000000..0e7fe11
Binary files /dev/null and b/admin_manual/images/external-sites-4.png differ
diff --git a/admin_manual/images/external-sites-5.png b/admin_manual/images/external-sites-5.png
new file mode 100644
index 0000000..2be1397
Binary files /dev/null and b/admin_manual/images/external-sites-5.png differ

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-doc.git

More information about the Pkg-owncloud-commits mailing list