Embed MATLAB Web App Using iframe HTML Element

Caution

Embedding a MATLAB® web app within an HTML iframe element on a webpage can introduce numerous security risks. These risks include, but are not limited to, clickjacking, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Embedding also requires the browser to have cookies enabled, which introduces an additional vulnerability. Together, these risks expose the system to a broader attack surface. Therefore, verify that the MATLAB web app you intend to embed is both secure and trustworthy, and permit embedding only on websites that are proven to be secure and trustworthy. To restrict embedding to those websites, set the allowed_frame_ancestors option on the server, which provides an additional layer of protection.

You can embed a MATLAB web app in another web page using an iframe HTML element. To accomplish this:

  • Use the webapps-config command to set the allowed_frame_ancestors option on the server to the valid parent where the web app is embedded. For example, if you want to embed a MATLAB web app in a web page from the domain example.com, execute the following command:

    webapps-config set allowed_frame_ancestors "https://www.example.com"

    A valid parent refers to the URL of a web page that is authorized to embed a web app within an iframe tag. When a web page A tries to embed web app B within an iframe tag, web page A is considered the parent of the iframe HTML element. If web page A's URL is listed as allowed using the allowed_frame_ancestors option, then it's a valid parent and the browser permits it to embed web app B.

  • In the HTML source code of the web page where the web app is being embedded, use the iframe tag to specify the URL of the web app. For example:

    <iframe src="https://<server>:<port>/webapps/home/session.html?app={webAppName}"></iframe>

The iframe tag element generates a rectangular section on the HTML page, where it loads the specified web app from a given URL. This functionality requires that a browser has cookies enabled.
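One way to confirm that the server returns only the intended parent after you set allowed_frame_ancestors, as an added Python example that is not MathWorks code. It assumes the option reaches browsers as the Content-Security-Policy frame-ancestors directive, which this page does not state; the header values and the function names are constructed for illustration.

```python
# Added example: audit the framing policy returned with a web app response.
# Assumption: allowed_frame_ancestors is delivered to browsers as the CSP
# "frame-ancestors" directive. All header values here are constructed samples.

def frame_ancestors(headers):
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for name, value in headers.items():
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None


def audit(headers, expected_parents):
    """List the ways the returned policy differs from the intended parent allowlist."""
    sources = frame_ancestors(headers)
    if sources is None:
        return ["no frame-ancestors directive: CSP does not restrict framing"]
    findings = []
    expected = {p.lower().rstrip("/") for p in expected_parents}
    seen = {s.lower().rstrip("/") for s in sources}
    for src in sources:
        s = src.lower().rstrip("/")
        if s in ("'none'", "'self'"):
            continue  # keywords, not parent origins
        if s in ("https:", "http:") or "*" in s:
            findings.append(f"overly broad source: {src}")
        elif s.startswith("http://"):
            findings.append(f"parent not served over HTTPS: {src}")
        elif s not in expected:
            findings.append(f"unexpected parent: {src}")
    for p in sorted(expected - seen):
        findings.append(f"intended parent missing: {p}")
    return findings


if __name__ == "__main__":
    good = {"Content-Security-Policy": "frame-ancestors https://www.example.com"}
    bad = {"Content-Security-Policy":
           "default-src 'self'; frame-ancestors https://*.example.com http://intranet.example"}
    for label, hdrs in (("good", good), ("bad", bad), ("none", {})):
        print(label, audit(hdrs, ["https://www.example.com"]))
```

To audit a live deployment, pass the response headers captured from the web app URL in place of the constructed dictionaries.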

When LDAP authentication is enabled and either MATLAB Web App Server™ or its hosted web apps are accessed for the first time via a browser, users will encounter a login page before gaining access to the web app.

This feature is also available when OIDC authentication is enabled on the server, and the "prompt" field in webapps_authn.json is configured with a "false" value. For details, see Authentication. To gain access to the web application, the user must first authenticate their credentials via the Identity Provider (IdP), following the Single Sign-On (SSO) process.
