Embed MATLAB Web App Using iframe HTML Element
Caution
Embedding a MATLAB® web app within an HTML iframe element on a
webpage can potentially introduce numerous security risks.
These risks include, but are not limited to, clickjacking, Cross-Site Scripting
(XSS), and Cross-Site Request Forgery (CSRF). Another factor to consider is that
this process requires a browser to enable cookies, introducing an additional
vulnerability. These risks collectively expose the system to a broader attack
surface. Therefore, it's crucial to ascertain that the MATLAB web app intended for embedding is both secure and trustworthy.
Furthermore, the embedding should only be permitted on websites that are proven
to be secure and trustworthy. This can be achieved by properly setting the
allowed_frame_ancestors option on the server, thus
providing an additional layer of protection.
You can embed a MATLAB web app in another web page using an iframe HTML
element. To accomplish this:
Use the
webapps-configcommand to set theallowed_frame_ancestorsoption on the server to the valid parent where the web app is embedded. For example, if you want to embed a MATLAB web app in a web page from the domainexample.com, execute the following command:webapps-config set allowed_frame_ancestors "https://www.example.com"
A valid parent refers to the URL of a web page that is authorized to embed a web app within an
iframetag. When a web page A tries to embed web app B within aniframetag, web page A is considered the parent of theiframeHTML element. If web page A's URL is listed as allowed using theallowed_frame_ancestorsoption, then it's a valid parent and the browser permits it to embed web app B.In the HTML source code of the web page where the web app is being embedded, use the
iframetag to specify the URL of the web app. For example:<iframe src=https://<server>:<port>/webapps/home/session.html?app={webAappName}></iframe>
The iframe tag element generates a rectangular section on the
HTML page, where it loads the specified web app from a given URL. This functionality
requires that a browser has cookies enabled.
When LDAP authentication is enabled and either MATLAB Web App Server™ or its hosted web apps are accessed for the first time via a browser, users will encounter a login page before gaining access to the web app.
This feature is also available when OIDC authentication is enabled on the server,
and the "prompt" field in webapps_authn.json
is configured with a "false" value. For details, see Authentication. To gain access
to the web application, the user must first authenticate their credentials via the
Identity Provider (IdP), following the Single Sign-On (SSO) process.
See Also
Related Topics
You can also select a web site from the following list:
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)