HTTP Header Settings

HTTP Header Settings for Embedded Content

The HTTP header plays a crucial part in displaying embedded content correctly in your Staffbase platform. Configure the frame-ancestor directives in the HTTP header of your pages, services, and plugins to make them embeddable on desktop and native.

Where to Configure the HTTP Header

Go to the website or service you want to embed and configure the HTTP header settings. You cannot configure the HTTP settings within the Staffbase platform.

HTTP Header Values

Embedding into Staffbase works with the Content Security Policy (CSP) technology. To ensure that the rendering of embedded content is supported on all browsers, copy the following templates and replace the placeholders with your platform’s URL and domain.

Set the CSP entry for the frame-ancestors directive as:

Content-Security-Policy: frame-ancestors 'self' http://{appdomain} https://{appURL} http://staffbase.com capacitor://{appdomain} capacitor://staffbase.com localhost:*;
Your application’s URL looks like this:
  • https://myapp.mycompany.com
Replace { } in the directive with the following parts of your application URL:
  • appURL is myapp.mycompany.com
  • appdomain is mycompany.com

Additional Helpful Information