rossrowe / sauce-teamcity-plugin

Plugin for TeamCity which provides integration with Sauce Labs
Apache License 2.0

Embedded Results #12

Open SirDarquan opened 9 years ago

SirDarquan commented 9 years ago

I don't know if you know this or not but the Iframe for the results in TeamCity isn't allowed to display. SauceLabs has the page set 'X-Frame-Options' to 'DENY'. If you are in a position to have this updated just for this page, that'd be great. Otherwise you need to manually construct a page based on the data from the API call or just remove the option altogether.

rossrowe commented 9 years ago

Thanks for letting us know, I'll do some investigation to see how we can resolve it.

On Wed, Feb 11, 2015 at 12:42 AM, SirDarquan notifications@github.com wrote:

I don't know if you know this or not but the Iframe for the results in TeamCity isn't allowed to display. SauceLabs has the page set 'X-Frame-Options' to 'DENY'. If you are in a position to have this updated just for this page, that'd be great. Otherwise you need to manually construct a page based on the data from the API call or just remove the option altogether.


SirDarquan commented 9 years ago

I know it's been a while since I raised this issue but I believe that I know how it can be partially resolved. If you use the direct URL of the job, the saucelabs site will take care of authentication. If I'm logged into saucelabs already, I'll see the job in TeamCity appropriately, but if I'm not logged in, there will be a redirect to the login page. Now the login page is what's setting the 'X-Frame-Options' to 'DENY' and I don't have an issue with that because it's a security measure. With this in place, you can at the minimum post somewhere the requirement to be logged in to see the results.
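The framing behaviour discussed in this thread, as an added example that is not part of the original comments or of the plugin's code: a simplified model of how a browser decides whether a response may render inside an iframe, applied to constructed headers for a job page and for the login page it redirects to. The `teamcity.example.test` origin and both header sets are assumptions; only the login page's `X-Frame-Options: DENY` comes from the thread.

```javascript
// Added example. Simplified: one parent frame, ports and paths are ignored.
function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, parentOrigin, pageOrigin) {
  const parent = new URL(parentOrigin);
  if (source === "*") return true;
  if (source === "'self'") return parent.origin === new URL(pageOrigin).origin;
  if (source.endsWith(":")) return parent.protocol === source; // scheme source, e.g. https:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const host = m[2].toLowerCase();
  // A source without a scheme is accepted for any scheme here (simplification).
  if (m[1] && m[1].toLowerCase() + ":" !== parent.protocol) return false;
  return host.startsWith("*.")
    ? parent.hostname.endsWith(host.slice(1)) // "*.a.test" matches "x.a.test" only
    : parent.hostname === host;               // also rejects 'none'
}

function canEmbed(headers, pageOrigin, parentOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) { // when present, frame-ancestors overrides X-Frame-Options
    const ok = sources.some((s) => sourceMatches(s, parentOrigin, pageOrigin));
    return { allowed: ok, reason: "CSP frame-ancestors" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { allowed: false, reason: "X-Frame-Options: DENY" };
  if (xfo === "SAMEORIGIN") {
    const same = new URL(parentOrigin).origin === new URL(pageOrigin).origin;
    return { allowed: same, reason: "X-Frame-Options: SAMEORIGIN" };
  }
  // ALLOW-FROM is obsolete and ignored by current browsers, so it falls through.
  return { allowed: true, reason: "no framing restriction" };
}

// Constructed responses modelled on the thread: job page vs. login redirect target.
const TEAMCITY = "https://teamcity.example.test"; // hypothetical CI server origin
const SAUCE = "https://saucelabs.com";
const jobPage = { "Content-Type": "text/html" };  // assumed: no framing header
const loginPage = { "X-Frame-Options": "DENY" };  // as reported in the thread
```

Running `canEmbed` over each hop of a redirect chain shows why the embedded view only works for an already authenticated session: the job page may be framed, but the login page it redirects to may not.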

SirDarquan commented 9 years ago

Would it be possible for you to add an option to use auth tokens for viewing embedded results instead? We give the username and API key already and one of the requirements is to create a TeamCity message with the job-id in it. If you have all three of these things AND the configuration allows no login links (or whatever you'd call it) then the embedded result should use auth tokens. I have a user specifically for my CI server so that takes care of security concerns and I understand that if I regenerate its API key all the previously generated results will no longer be viewable. I think that is an acceptable risk that anyone would take as long as they're aware of it (e.g. in the README and on the UI).