WebApplication.Security

From Xojo Documentation

Property (As WebAppSecurityOptions)
aWebApplication.Security = newWebAppSecurityOptionsValue
or
WebAppSecurityOptionsValue = aWebApplication.Security

New in 2014r3

Supported for all project types and targets.

Controls whether a web app can appear in an <iframe> tag on another HTML page, and lets you change the SSL connection type that is used.

Notes

The following class constants can be used to set the FrameEmbedding property:

| Constant | Description |
| --- | --- |
| WebAppSecurityOptions.FrameOptions.Deny | Does not allow a web application to appear in an <iframe> in another HTML page, regardless of the domains involved. |
| WebAppSecurityOptions.FrameOptions.Allow | Allows a web application to appear in an <iframe> of another HTML page, regardless of its domain. |
| WebAppSecurityOptions.FrameOptions.SameOrigin | (Default) Allows the web application to appear in an <iframe> of another HTML page, as long as the domains exactly match. |

The following class constants can be used to set the ConnectionType property:

| Constant | Description |
| --- | --- |
| WebAppSecurityOptions.ConnectionTypes.SSLv23 | A TLS/SSL connection established with this enum may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern. |
| WebAppSecurityOptions.ConnectionTypes.TLSv1 | TLS (Transport Layer Security) version 1. |
| WebAppSecurityOptions.ConnectionTypes.TLSv11 | TLS (Transport Layer Security) version 1.1 |
| WebAppSecurityOptions.ConnectionTypes.TLSv12 | (Default) TLS (Transport Layer Security) version 1.2 |

Notes

Prior to 2014r3, the default behavior was equivalent to WebAppSecurityOptions.FrameOptions.Allow. If you need to restore that behavior, you can add the code from the example below to your project.

In 2014r2, this value was hard coded to the equivalent of WebAppSecurityOptions.FrameOptions.SameOrigin, but was reverted to the previous behavior in 2014r2.1.

By default, the ConnectionType uses TLSv12.

Sample Code

To allow a web app to appear in an <iframe> on any web page from any server, you can set the Allow option in the Open event of the app:

Self.Security.FrameEmbedding = WebAppSecurityOptions.FrameOptions.Allow

To use an older connection type (not recommended):

Self.Security.ConnectionType = WebAppSecurityOptions.ConnectionTypes.TLSv1
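
To confirm which FrameEmbedding setting a deployed app actually serves, the response headers can be checked from outside the app. The Python below is an added example, not part of the Xojo documentation or framework. It assumes the setting is delivered as the standard X-Frame-Options response header with no header sent for Allow (this page does not state that), and its function names and sample responses are constructed for illustration.

```python
from __future__ import annotations

# Assumed mapping (not stated on this page): header token -> FrameOptions constant.
TOKEN_TO_SETTING = {"deny": "Deny", "sameorigin": "SameOrigin"}

def frame_option_values(raw_response: bytes) -> list[str]:
    """Return every X-Frame-Options token found in the response head."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    tokens = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # The header may be repeated or carry a comma-separated list.
            tokens += [v.strip().lower() for v in value.split(",") if v.strip()]
    return tokens

def observed_setting(raw_response: bytes) -> str:
    """Map the header(s) to Deny, SameOrigin, Allow, Conflict or Unknown."""
    tokens = set(frame_option_values(raw_response))
    if not tokens:
        return "Allow"      # assumption: no header means embedding is unrestricted
    if len(tokens) > 1:
        return "Conflict"   # e.g. a proxy added a second, different value
    return TOKEN_TO_SETTING.get(tokens.pop(), "Unknown")

def audit(raw_response: bytes, expected: str) -> tuple[bool, str]:
    """Compare what the server sends with the setting the project intends."""
    seen = observed_setting(raw_response)
    return seen == expected, seen

# Constructed sample responses (not captured from a real Xojo app).
SAMPLE_DENY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
               b"X-Frame-Options: DENY\r\n\r\n<html>X-Frame-Options: x</html>")
SAMPLE_NONE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
SAMPLE_MIXED = (b"HTTP/1.1 200 OK\r\nx-frame-options: SAMEORIGIN\r\n"
                b"X-Frame-Options: deny\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("deny", SAMPLE_DENY), ("none", SAMPLE_NONE),
                       ("mixed", SAMPLE_MIXED)]:
        print(label, audit(raw, "SameOrigin"))
```

A result of Allow or Conflict when the project sets SameOrigin or Deny usually means a proxy or load balancer in front of the app is stripping or duplicating the header.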