Some of the options provided by JotUrl (e.g., CTAs, URL masking) use IFrames to embed external pages.
An IFrame (inline frame) is an HTML document embedded in another HTML document on a website.The IFrame tag is often used to insert content from another source into a web page.
However, embedding is not always possible, it depends on the server that manages the web page (and therefore on its owner). Embedding is not possible if the server issues specific response headers. Please note that this is not a limitation of our engine, but it is a security policy of all modern browsers. However, JotUrl provides a tool that can help you check if a web page can be embedded or not.
Unfortunately, you cannot do anything if a web page is protected from incorporation and you are not its owner, but if you are the owner of this page you have only 3 choices:
- you can disable protection of your page for everyone on the Internet,
- you can ask your developers to add an exception for JotUrl, to direct your developers in the right direction here are some references Content-Security-Policy, X-Frame-Options
- you can use our disposable codes. In fact, our disposable codes allow you to embed your web page only when the embedding request comes from JotUrl options and without deactivating the protection for everyone.
What are one-time codes?
The one-time code is a unique, disposable and secure code that our engine generates when it embeds your web page. This code is passed to your server through the embedding request. Your server recognizes this code and temporarily disables protections thus allowing the embedding of your page. Of course, one-time codes requires some coding on your server, but we can support your developers (just open a ticket on our Help Center, if needed).
How and where to use one-time codes
Currently, we support one-time codes on CTAs and URL masking. To enable one-time codes:
- for CTAs: click on advanced options on the last step of the CTA creation/edit wizard, scroll down and select Yes in the Do you want to enable the one-time code option? field
- for URL masking: mark the flag Enable one-time code
In both cases, our user interface asks you to select the validity of the one-time code. The validity is the time in which the same code is valid. Please note that too short times can cause malfunctions, while too long times can give other users access to your page (for them it is sufficient to copy the one-time code).
Do you have any sample code for implementing one-time codes?
Sure! We have developed a Wordpress plugin in PHP that can be used as an example or installed in your Wordpress to implement one-time codes. The pre-configured plugin can be downloaded from our user interface:
- edit/create a CTA,
- in the last step of the CTA wizard you will find advanced options and enable the one-time code feature
- once enabled you will find a button that allows you to download the plugin
Below is a PHP example that implements one-time codes
<?php
define('OTC_PRIVATE_KEY', '<YOUR PRIVATE KEY>'); //private key
define('OTC_VALIDITY', 10 * 60); //10 minutes
function otc_generate_code($step = 0)
{
$time = time(); //UTC
$time_slot = floor($time / OTC_VALIDITY) + $step;
return sprintf('%X', crc32(md5($time_slot . OTC_PRIVATE_KEY)));
}
function otc_verify_code()
{
if (isset($_GET['_otc'])) {
$dc = $_GET['_otc'];
return ($dc === otc_generate_code() || $dc === otc_generate_code(-1));
}
return false;
}
if (otc_verify_code()) {
// remove the headers that prevent embedding
header_remove('x-frame-options');
header_remove('content-security-policy');
}
Further questions? Just ping us on the Help Center :)
Comments
0 comments
Article is closed for comments.