Re-evaluate FRAME_DOMAIN
as configuration variable
#335
Labels
back end
Involves changes to the Express application or other server-related files
config change
Involves a change to the configuration file/format
enhancement
New feature or request
@lsloan and @pushyamig shared some observations and points about
FRAME_DOMAIN
(see #316 for introduction of it). These changes might be considered in the future, but the current arrangement is functional.FRAME_DOMAIN
seems to always be the hostname fromCANVAS_INSTANCE_URL
. Perhaps the value forFRAME_DOMAIN
should be derived from that other value. @lsloan suggested that it perhaps ifFRAME_DOMAIN
isn't specified,CANVAS_INSTANCE_URL.replace('https://')
could be the fallback. I lean slightly towards either keeping them as using the same value, or different values, rather than introducing harder to document/implement fallback logic, but the possibility has some merit.@pushyamig suggested that we may at one point need CSP settings for
frame-src
(orframe-ancestors
) to use multiple domains. There is not yet a use case for this, but we could make the value a JSON array or a CSV if we anted to allow multiple strings. The idea of a multi-tenant CCM would require significant refactoring though, sinceCanvasService
and its related configuration are designed to work with just one Canvas instance (though I could multiple instances ofCanvasService
potentially solving that problem).The text was updated successfully, but these errors were encountered: