Help Center
Data Privacy and security for Sharing Public link
Can a link that is shared with a customer kept private, so that the customer can’t share it publicly anywhere?
For the said privacy, the user needs to be first be added to Prolaborate. The necessary access and permission need to be provided to that user only for the said item along with the share URL settings to be disabled in the Repository settings.
How should you configure the webserver to prevent Clickjacking attacks and ensure Content Security Policy (CSP) compatibility?
To safeguard against Clickjacking attacks, configure the Prolaborate.json (C:\Program Files\Prolaborate\Config\Prolaborate.json) using the parameter mentioned below. The setting allows the web application to be embedded in any domain and access external resources. To safeguard against such vulnerabilities, it’s crucial to restrict these configurations to trusted domains and authorized external sources, mitigating the risk of data compromise and Clickjacking attacks.
| Parameters | Original Configuration | Modified Configuration to enable restriction |
|---|---|---|
| AllowedFrameHost: This permit receiving responses to Prolaborate from external sources. |
The “*” allows all domains to have access to Prolaborate data. Example: “AllowedFrameHost”: [“*”] |
To allow only specific domains, replace “*” with the domain URL. You can add multiple domain URLs using commas as separators. Example: “AllowedFrameHost”: [“microsoft.com, atlassian.com”] |
| AllowedExternalSource: This allows sending responses to external sources from Prolaborate. | The “*” allows all domains to have access to Prolaborate data. Example: “AllowedExternalSource”: [“*”] |
To allow only specific domains, replace “*” with the domain URL. You can add multiple domain URLs using commas as separators. Example: “AllowedExternalSource”: [“microsoft.com, atlassian.com”] |
