The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object> (more information: X-Frame-Options – HTTP | MDN (mozilla.org)).
Integration of PiSuite in your website does not require any access to your website’s cookies, and there is no requirement to allow your website to be opened in an IFrame. Hence, the X-Frame-Options header is not important for the integration.
In the PiSuite Admin site, you can visually select elements in a page from your web site and define help content for each individual element (see PiSuite Demo) in that page. This is the only PiSuite functionality that requires your website to be open in an IFrame element inside the PiSuite Admin site.
If you have security concerns about the following settings, then we recommend that you make them in your development or other non-production environment. Then you can use your non-production environment to visually select page elements from your site and define their help content, which then becomes visible in all your environments including the production environment.
To enable the visual selection of page elements from your site, make the following two changes:
1. Allow your website to be hosted in an IFrame in app.pisuite.com by adding the following HTTP header:
Access-Control-Allow-Origin: https://app.pisuite.com
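For example, in a .NET web application add the following setting to the <system.webServer> section of your web.config file (element names are case-sensitive):
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Send the header shown above on every response -->
      <add name="Access-Control-Allow-Origin" value="https://app.pisuite.com" />
    </customHeaders>
  </httpProtocol>
</system.webServer>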
2. If your site uses cookies, e.g. for user authentication, then your cookies will have to have the attributes SameSite=None and Secure, as in:
Set-Cookie: MyCookie=123Jump; SameSite=None; Secure
If you are concerned about the security implications of these settings, then we recommend that you make them in your development or other non-production environment. Then you can use your non-production environment to visually select page elements from your site and define their help content, which then becomes visible in all your environments including the production environment.
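The two settings above can be verified against a response captured from the non-production environment. The following is an added example, not PiSuite code: the function names and the sample response are constructed, and the X-Frame-Options check goes beyond the two listed settings (DENY and SAMEORIGIN stop a browser from rendering the page in a frame on another origin).

```python
PISUITE_ORIGIN = "https://app.pisuite.com"  # origin named on this page

# Constructed sample response headers (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Access-Control-Allow-Origin: https://app.pisuite.com
Set-Cookie: MyCookie=123Jump; SameSite=None; Secure
Set-Cookie: Prefs=dark; SameSite=Lax
X-Frame-Options: SAMEORIGIN
"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs, skipping the status line."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def cookie_attrs(set_cookie):
    """Split a Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def audit(raw):
    """Return findings for settings from this page that the response lacks."""
    headers = parse_headers(raw)
    findings = []
    acao = [v for n, v in headers if n == "access-control-allow-origin"]
    if acao != [PISUITE_ORIGIN]:
        findings.append(f"Access-Control-Allow-Origin is {acao or 'absent'}")
    for value in (v for n, v in headers if n == "set-cookie"):
        cookie, attrs = cookie_attrs(value)
        if attrs.get("samesite", "").lower() != "none":
            findings.append(f"cookie {cookie}: SameSite is not None")
        if "secure" not in attrs:
            findings.append(f"cookie {cookie}: missing Secure")
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    if any(v in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append(f"X-Frame-Options {xfo[0]} blocks cross-origin framing")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result means the response carries both settings for every cookie it sets and no X-Frame-Options value that blocks framing.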