Articles in this section

Reverse proxy for Newired

  • Updated

Goal: Inject snippet

To enable Newired in the application there must be a snippet on every application page. It means adding the code snippet to the body of the page. Because Newired needs to be executed after all other page elements are loaded, the best practice is to add a snippet after all elements, hence at the end of <body>.

Snippets should be only in the top document and not in inner documents like IFrames and its document body. Injecting in body elements of such documents must be avoided.

<script id="newired-snippet" async src="https://<content-delivery>/<siteId>/loader.js"
       onload="initOverlay()" onerror="loaderFailed()"></script>

<script>
    function initOverlay() {
        newired.initialize({
            backend: "https://<newired-portal>",
            collector: "https://<newired-portal>/collector/collector.js"
        })
    }

    function loaderFailed(e) {
        console.error("Loading of Newired Overlay failed. Cause: ", e)
    }
</script>

How: NGinx Example

If there is no direct way how to put the snippet into target application using the target application settings, we need to deploy (install) the snippet using the proxy server.

We usually create a filter that replaces the end tag of the body with a snippet.

 Like in NGinx:

sub_filter '</body>' '<script id="newired-snippet" async src="https://<content-delivery>/<siteId>/loader.js"
       onload="initOverlay()" onerror="loaderFailed()"></script>

<script>
    function initOverlay() {
        newired.initialize({
            backend: "https://<newired-portal>",

            collector: "https://<newired-portal>/collector/collector.js"
        })
    }

    function loaderFailed(e) {
        console.error("Loading of Newired Overlay failed. Cause: ", e)
    }
</script></body>';

Fix Content Security Policy issue

To unblock loading Newired resources is usually needed to update the Content Security Policy header. We noticed that your configuration already changes the security headers and mentioned one is unblocking all resources by default. Hence there is no need for an update. But it has to be thought about when some restrictions are done.

teamcenter-xxxxxxxxx.com {
    tls {
        dns route53
    }
    header {
        Strict-Transport-Security "max-age=63072000"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "sameorigin"
        Content-Security-Policy "upgrade-insecure-requests"
    }
    encode zstd gzip
    root * /var/www/default.site
    reverse_proxy prodlife-xxxxxxxxx.com:3000
}

 

Related articles