Allowing HTML iframe integration

Integrating Cameyo sessions into your own portal site requires some HTTP cross-site scripting permissions.

Integrating Cameyo with your own site requires some cross-site security permissions.

Integrating your Cameyo server

On your Cameyo server, open the file C:\RapPrereqs\Tomcat\webapps\ROOT\WEB-INF\web.xml and change the param-value to false

    <filter>
        <filter-name>httpHeaderSecurity</filter-name>
        <init-param>
          <param-name>antiClickJackingEnabled</param-name>
          <param-value>false</param-value>
        </init-param>
    </filter>

Because this web.xml will be overwritten upon Cameyo updates, we recommend adding a script that changes this value automatically upon Cameyo service startup.

For this create a file named C:\RemoteAppPilot\OnRapStart\OnRapStart.ps1 with the following content:

$xmlFile = "C:\RapPrereqs\Tomcat\webapps\ROOT\WEB-INF\web.xml"
$xml = [xml](Get-Content -Path $xmlFile)
$ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
$ns.AddNamespace("ns", "http://java.sun.com/xml/ns/javaee")
$filterNode = $xml.SelectSingleNode("//ns:web-app/ns:filter/ns:init-param[ns:param-name='antiClickJackingEnabled']", $ns)
$valNode = $filterNode.SelectSingleNode("//ns:param-value", $ns)
if ($valNode.InnerText -eq 'true')
{
$valNode.InnerText = 'false'
$valNode.InnerText
$xml.Save($xmlFile)
}

Testing

When saving the modified web.xml, the HTTP server should automatically reload and take it into account within 30 seconds. To test that the correct headers are returned, access the Cameyo server's URL directly from a browser and check the returned headers within your Dev Tools console:


As long as you still can see X-Frame-Options: SAMEORIGIN, it won't work. Only if the X-Frame-Options entry disappears it will work.

Be aware that this setting is lowering security for this site as Clickjacking doesn't get prevented.
https://en.wikipedia.org/wiki/Clickjacking

Integrating Cameyo's cloud portal

If you'd like to be able to integrate Portal calls (https://online.cameyo.com) into your site, please contact Cameyo's technical support with the domain name to allow portal access from (i.e. 'mycompany.com'). Cameyo's security team will assess the request and can white-list your domain as an authorized cross-scripting source in the most secure way.