Embedding Decisions Forms In Same Origin iFrames
  • 01 Feb 2022
  • 1 Minute to read
  • Dark
  This documentation version is deprecated, please click here for the latest version.

Embedding Decisions Forms In Same Origin iFrames

  • Dark


Decisions uses cookies for authentication and iFrames for embedding Forms. In v6.20+, Decisions has the ability to handle proxied requests so that all traffic goes back through the host site. This allows everything to remain as same-origin from the browser's point of view. This ability is useful for self-hosted scenarios, where is less likely IIS or another technology is in between and could be used as a reverse proxy.

Browser Change to Cross-Domain Cookies
With iPadiOS 13.4+ and Safari 13.1+, cross-domain cookies are no longer allowed. As a result, embedded iFrames cannot authenticate Forms on Mac OS Safari or iOS at all. To learn more on this issue, visit Full Third-Party Cookie Blocking and More.


The following example will demonstrate how to configure the web.config file for proxy.

  1. Navigate to C:\Program Files\Decisions\Decisions Web Host and open the web.config file. 
  2. Edit the web.config file to include a true value for AllowProxyFrom and include the appropriate 'scheme:host' value for the ProxyFromWhiteList configuration option.
    Configuration Description
    AllowProxyFromTrue or False value. Allows feature to be enabled or disabled. Default is false.
    ProxyFromWhiteListComma-separated string-list of 'schema:host' values. Specifying a 'schema:host' value will limit where Decisions UI will rewrite UI traffic to. If nothing is specified, it will allow proxies from anywhere.
     <add key="AllowProxyFrom" value="true" />
     <add key="ProxyFromWhiteList" value="http://site-1,https://site-2" />

After enabling the proxy, the proxy will forward traffic, for example, from https://host-server/decisions to https://d-server/decisions. It will also change the origin of each request and add 'x-proxied-from : "https://host-server"'. The host's proxy test path and the Decisions virtual path are assumed to be the same in v6.20+.


Was this article helpful?