Follow

Securing your Embedded iFrames

Securing your Embedded Iframes

To further secure your Zen Planner embedded iFrames, you can now guarantee only sites approved domains by you can embed your Member Connect iframes.

If you want to use Zen Planner Member Connect embeds on custom websites make sure to add the website domain to your approved domains list!

Key Points

  • Your primary and Member Connect websites are automatically added to your approved domains list. Only websites beyond these two are required to be entered in manually, like if you have a personal website in addition to your business website. 
  • Member Connect Embeds on non-approved websites will not show the embed, it will show as a blank iframe.
  • Websites that are not on your approved domains list will be blocked—iframes embedded on those sites will not render.

Why do I need to approve websites that can embed my Iframes?

This will prevent your iframes from being “click jacked” or used without your consent. What the heck is click jacking…? See more information about this kind of attack. This is one of many things Zen Planner is doing to stay PCI compliant.

In order to protect your content you need to add all websites where your iframes are embedded to your approved domains list in Studio. 

Where can I add custom websites?

Log into Studio and navigate to the bottom left corner and click on Setup. 

_b9b64b90b07f82b795b326e2b7b267f9__Image_2018-03-13_at_9.51.17_AM.png

Scroll down to the Member Connect section and click on Sharing & Embedding.

ClickjackingV7.png

In this section, you will see your existing Primary and Member Connect websites.

_729537f9d4832596b09f33009b67c257__Image_2018-03-13_at_9.38.39_AM.pngYour Primary website pulls from Setup > Business Info.

_115029ca524d6b8c2976c5c64b065c75__Image_2018-03-13_at_9.42.00_AM.pngChanges made to your primary website in Business Info the changes will reflect in this area. The Primary website domain cannot be changed from the Sharing & Embedding page.

The Member Connect website pulls from what is set up by the Zen Planner team. The Member Connect website domain that appears in Setup > Appearance will match what you see in this Sharing & Embedding page. 

_d4512354f5c2df1056ad0f1d5811751e__Image_2018-03-13_at_9.48.48_AM.png

Changes to the Member Connect website domain require Zen Planner help. If you would like to make a change to your Member Connect website domain please contact our support team at 866-541-3570 or help@zenplanner.com.  

How do I add a custom website?

From Studio > Setup > Sharing & Embedding navigate to the field and type in a valid website domain. There are examples listed below this field. Any prefix typed in the field (such as http or www) will be pared down to the simplest domain website name. 

Image_2018-03-13_at_9.54.00_AM.png

Only the parent page (home page) of a custom website needs to be added to your approved list. This will allow all child pages of that website to show Zen Planner iframes also! You may also include a website builder page here. 

How long will it take for embeds to appear on my custom website?

It will take just under a couple of minutes for the iFrames to show up on your custom website.

What if a website is not on the approved domains list?

If you use a Zen Planner iframe on a website that is not added on the approved list in Zen Planner, the iframe will not render. It will be a blank iframe. 

 

Please reach out to our support team if you have any questions! 866-541-3570 or help@zenplanner.com

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk