search

pvd-malaria / shiny-server

http://promalaria.nepo.unicamp.br
0 stars 0 forks source link

Adicionar regra de iframe no dockerfile shiny-server. #4

Open willianson opened 2 years ago

willianson commented 2 years ago

If your Shiny Server Pro installation is intended to allow authenticated apps to be loaded within iframes, you MUST:

  1. Ensure that you are using Shiny Server Pro 1.5.14 or later. This version added support for a SameSite=None cookie attribute that is required by newer browsers.
  2. Configure Shiny Server Pro to use HTTPS, not HTTP. This can be done either using our built-in SSL support or using an HTTPS reverse proxy. (If you're not sure what a reverse proxy is, we recommend you just use the built-in SSL support).
  3. Edit your /etc/shiny-server/shiny-server.conf file to include the directive auth_frame_options allow; at the top level. Without this directive, browsers will refuse to display the login page within an iframe.
  4. Edit the /etc/shiny-server/shiny-server.conf file must also include the directive secure_cookies always; at the top level. Without this directive, if we're loaded within an iframe, newer browsers may ignore the authentication cookies that we set.
  5. Be aware that this configuration will still fail for Safari 13.1+, and will likely fail for Google Chrome starting in 2022.

For an in-depth explanation of the issues involved when serving cookies within iframes, see https://web.dev/samesite-cookies-explained/.

cbeluzo commented 2 years ago

Precisamos de outra solução, sem IFrame ....

"Be aware that this configuration will still fail for Safari 13.1+, and will likely fail for Google Chrome starting in 2022."

Voltar as páginas para usar as URLs antigas ... (este maldito shiny ... nunca mais)

willianson commented 2 years ago

✅ Rollback feito.