Skip to main content
Hi!





First of all: happy new year to you all! 🎉🎉🎉





We are going to implement to embeddable widget in our software. We've only got one issue for our on-premise customers: since they can determine themself how their URL will look like, it is not possible to have the embeddable widget for them, unless we take on a load of administration to make sure all domains are in the trusted domains for the embeddable widget.





Because we have a lot of customers running our software on-premise, and they change the url for time to time (when a new manager is in town, and he/she comes up with an even better url), the workload to get the trusted domains in sync is unacceptable. Simply to much red tape.





There are two imho two options:




  1. Make it possible to use the widget without trusted domains. But there are security/financial risks.

  2. Have an API that can add a trusted domain to the list of trusted domains. There is a small issue here, because the validation for trusted domains requires it to have a . character, while some of our customers use our software under f.i. http://insided



I've looked in the API documentation, and I couldn't find this possibility.





Did I overlook an other possibility?
Maybe we can do something ourselfs by rendering a iframe that only imports the script. That way we can run the script on a domain that is trusted, using it in a domain that is untrusted.





Or do you guys think that solution is... filthy?
Hey Koen - Happy New Year!





You're correct - there's currently no way to achieve this through a public API.





Not sure about your iframe idea - I wouldn't call it filthy since I'm not sure how it would work 😬, but maybe worth an investigation!





As you said, option #1 is a bit dodgy, especially considering the financial implications for pricing of the embeddables.





For option #2, the effort required to achieve this would be reasonably high, and would stop us working on other improvements, so it's a 'not now', right now at least (but not a never!).





However, I'd really love to see you guys using the embeddables in-app, so I'll make sure to keep the problem and the options you mentioned on my radar.
Thanks @daniel.boon!





For now we are going to implement the widget as a trial in our software for all our SaaS customers, so the trusted domains aren't an direct issue. When the trial is successful we'll give the iframe solution a try. Whatever the results may be: I'll post the results on your community so maybe other people can use that solution as well (or, know that it cannot be fixed with my suggested workaround).





As a fellow product owner I understand your 'not now' 🙂
Sounds like a good way forwards Koen!





Looking forward to seeing the results of your trial 🙂

Reply


Terms & ConditionsCookie settings