Currently, the app creates an xfc Provider and has the ACLs set using a hard-coded array of all relevant, Cerner-related domains. This poses an issue in that using this library to facilitate embedding your application in a Cerner Powerchart setting, prevents your application from being hosted by any other domain.
I am proposing to update the library so that CernerSmartEmbeddableLib will accept an additionalAcls array as a parameter in it's init function. This array of additional ACLs will be merged with the hard-coded array of Cerner related domains. It would allow the library to be setup in a similar manner to the current CSP frame-ancestors header - taking an array of domains that will allow the hidden attribute to be removed and the app displayed in an iframe hosted by those domains.
Currently, the app creates an xfc Provider and has the ACLs set using a hard-coded array of all relevant, Cerner-related domains. This poses an issue in that using this library to facilitate embedding your application in a Cerner Powerchart setting, prevents your application from being hosted by any other domain.
I am proposing to update the library so that CernerSmartEmbeddableLib will accept an
additionalAcls
array as a parameter in it'sinit
function. This array of additional ACLs will be merged with the hard-coded array of Cerner related domains. It would allow the library to be setup in a similar manner to the current CSPframe-ancestors
header - taking an array of domains that will allow thehidden
attribute to be removed and the app displayed in an iframe hosted by those domains.