
Enabling embedded (iframe) access in Mattermost

Link: https://developers.mattermost.com/integrate/customization/embedding/
https://forum.mattermost.com/t/recipe-embedding-mattermost-in-web-applications-using-an-iframe-unsupported-recipe/10233

Any web application embedded into another using an iframe is at risk of security exploits, since the outer application can intercept all user input to the embedded application, an attack known as clickjacking. By default, Mattermost disables embedding.

If you choose to embed Mattermost using the following instructions, we highly recommend doing so only on a private network that you control.

To embed Mattermost in an iframe, update your NGINX configuration to strip the security policy settings from the HTTP response headers.
Replace all occurrences of the following line in your proxy config:

proxy_set_header X-Frame-Options SAMEORIGIN

with the following two lines (configuration in NGINX PROXY MANAGER in Advanced mode):

proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;

These directives would allow embedding only from the specific origin https://domain.tld and should be much safer:


proxy_hide_header X-Frame-Options;
proxy_hide_header Content-Security-Policy;
add_header Content-Security-Policy "frame-ancestors 'self' https://domain.tld; script-src 'self' cdn.rudderlabs.com cdn.segment.com/analytics.js/";

I’m not a security expert but I guess this should be safe for production as well.
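As an added example that is not part of the original post or of Mattermost's own code, the Python checker below classifies the framing posture a set of response headers actually produces, so the effect of each proxy change above can be verified rather than assumed. The three header sets are constructed to model the proxy states discussed on this page (Mattermost default, headers stripped, CSP with frame-ancestors), and https://domain.tld is the placeholder origin from the post.

```python
from __future__ import annotations

# Constructed sample responses modelling the proxy states discussed above.
DEFAULT_HEADERS = {"X-Frame-Options": "SAMEORIGIN"}   # Mattermost default through the proxy
STRIPPED_HEADERS: dict[str, str] = {}                  # after proxy_hide_header alone
HARDENED_HEADERS = {"Content-Security-Policy":
    "frame-ancestors 'self' https://domain.tld; script-src 'self' cdn.rudderlabs.com"}


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a Content-Security-Policy value into {directive: [source tokens]}."""
    policy: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def framing_posture(headers: dict[str, str]) -> tuple[str, list[str]]:
    """Classify who may frame the page: 'blocked', 'restricted' or 'open'."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    ancestors = parse_csp(lower.get("content-security-policy", "")).get("frame-ancestors")
    if ancestors is not None:
        # Browsers that understand frame-ancestors ignore X-Frame-Options when both exist.
        if [a.lower() for a in ancestors] == ["'none'"]:
            return "blocked", []
        # '*' or a bare scheme such as "https:" matches every host and gives no protection.
        if any(a == "*" or a.endswith(":") for a in ancestors):
            return "open", ancestors
        return "restricted", ancestors
    xfo = lower.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return "blocked", []
    if xfo == "SAMEORIGIN":
        return "restricted", ["'self'"]
    return "open", []  # no framing header at all: any site may embed the page


if __name__ == "__main__":
    for name, hdrs in [("default", DEFAULT_HEADERS), ("stripped", STRIPPED_HEADERS),
                       ("hardened", HARDENED_HEADERS)]:
        print(f"{name:9s} {framing_posture(hdrs)}")
```

Running the script against the real proxy's headers (for example the output of curl -sI) shows whether the stripped state has been left "open" or whether the frame-ancestors allowlist is in effect.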

