Nexeed Documentations
Search
Web Portal 5.21
  • Integration Guide
  • Core Services
    • ID Builder
      • 3.6
      • 3.5
    • Deviation Processor
      • 1.10
      • 1.9
      • 1.8
    • Multitenant Access Control
      • 1.34.0
      • 1.33.0
      • 1.32.0
    • Notification Service
      • 1.27
      • 1.26
    • Ticket Management
      • 7.17.1
      • 7.17.0
      • 7.16.0
    • Web Portal
      • 5.21
      • 5.20
    • Block Management
  • Shopfloor Management
    • Global Production Overview
      • 5.8
      • 5.7
      • 5.6
    • Shopfloor Management Essentials
  • Machine & Equipment
    • Condition Monitoring
      • 4.6.0
      • 4.5.1
      • 4.5.0
      • 4.4.1
      • 4.4.0
    • Tool Management
      • 2.9
      • 2.8
      • 2.7
    • Maintenance Management
  • Product & Quality
    • Product Setup Management
      • 3.10
      • 3.8
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
      • 3.9
      • 3.8
      • 3.7
    • Order Management
      • 5.9
      • 5.8
      • 5.7
  • Intralogistics
    • Transport- & Stockmanagement
      • 4.2.0
      • 4.0.2
  • Machine & Equipment
    • Condition Monitoring
      • 4.6.0
      • 4.5.1
      • 4.5.0
      • 4.4.1
      • 4.4.0
    • Maintenance Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • ERP Connectivity
      • 4.12.0
      • 4.11.0
      • 4.10.0
    • Data Publisher
    • Information Router
    • Master Data Management
      • 8.5.1
      • 8.5.0
      • 8.4.2
      • 8.4.1
      • 8.4.0
    • Orchestrator

Nexeed
Web Portal

    • Introduction
    • Concepts
      • General
      • Navigation
      • Dashboard
      • Cross-module communication
      • Documents
      • Security
      • Limitations
    • How to…​
      • register your module & views
      • implement context contribution
      • develop a Web Portal-compatible frontend
      • use the iframe integration library
      • build widgets
      • check the integration status
      • develop from localhost
      • improve UI performance
    • Troubleshooting
    • Breaking changes
    • Glossary
    • API Documentation
  • Web Portal
  • Concepts
  • Limitations
5.21 5.20

Limitations

The iframe integration approach has certain technical limitations due to the constraints imposed by browsers on iframes.

The sandbox attribute of the iframe is set to allow-same-origin allow-scripts allow-modals allow-forms allow-downloads allow-popups.

Headers

The view intended to be displayed in Web Portal’s iframe must also allow the same. There are two HTTP headers that could potentially prevent this. If either of these headers is set to a restrictive value, the view will be unable to load within an iframe.

  • X-FRAME-OPTIONS - if set to DENY, the page can not be loaded in an iframe. While it could be set to ALLOW-FROM, this is not universally supported by all browsers. The best option would be to not set it at all, as it is being replaced by the frame-ancestors policy.

  • Content-Security-Policy: frame-ancestors 'none' - if set like this, the page cannot be displayed in the iframe. In this case, Web Portal’s domain must be added to the whitelist to allow the page to be displayed within the iframe.

Modals/dialogs, tooltips, drop-downs

The content of the module’s UI is constrainedby the size of the iframe.It’s important to consider this limitation when opening modals in the UI and apply styling to ensure they are not cut off, which would render them unusable for the users.
The same consideration applies to drop-downs or tooltips that might be opened in a direction where there is no more space within the iframe. These elements should be carefully positioned to ensure they remain fully visible and functional within the iframe.

Communication with Web Portal

The sole method for the module UI to communicate with Web Portal is through the postMessage API. For deep-linking, accessing user settings (such as language), receiving messages, and other functionalities to function properly, Web Portal necessitates the implementation of a front-end API by the module UI, as specified in the UI API.
It is highly recommended to utilize the provided iframe-integration library, as it streamlines the postMessage calls in an easily consumable, Promise-based manner. Additionally, it manages the initial handshaking process.

Communication with other module’s back-end API

This is not so much a limitation of the iframe integration, but rather a consequence of the single audience mode of Multitenant Access Control. In this mode, one module’s UI cannot call another module’s back-end API using the same token that is used for its own API. Each token can only be used for a single audience. Please check out the Multitenant Access Control Developer Documentation for further information on this.

Sanitizing Iframe URLs

Every URL which is put into the "src" attribute of the <iframe> tag is getting sanitized by encodeURIComponent() or encodeURI().

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2024, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses