Show TOC

Whitelist ServiceLocate this document in the navigation structure

SAPUI5 supports the configuration of a central whitelist service.

frameOptions uses the whitelist service to determine whether the application should run in the parent origin or not. The whitelist service call uses the parent origin as URI parameter (URL encoded) as follows:

GET url/to/whitelist/service?parentOrigin=https://parent.domain.com

The service responds to the request with a valid JSON:

{
    "version" : "1.0",
    "active"  : true | false,                   // defines if entry is active (if not, framing will be allowed per default)
    "origin"  : "<same as passed to service>",
    "framing" : true | false                    // if active, describes if framing should be allowed (see FrameOptions)
}
Related Information