Reverse proxy for Newired

Modified on Mon, 24 Oct 2022 at 05:10 PM

Goal: Inject snippet

To enable Newired in the application there must be a snippet on every application page. It means adding the code snippet to the body of the page. Because Newired needs to be executed after all other page elements are loaded, the best practice is to add a snippet after all elements, hence at the end of <body>.

Most proxy servers have modules that are needed to perform this task. The modules are used to inject the snippet so it can be delivered over the web application.

Snippets should be only in the top document and not in inner documents like IFrames and its document body. Injecting in body elements of such documents must be avoided.

<script id="newired-snippet" async src="https://<content-delivery>/<siteId>/loader.js"
       onload="initOverlay()" onerror="loaderFailed()"></script>

<script>
    function initOverlay() {
        newired.initialize({
            backend: "https://<newired-portal>",
            collector: "https://<newired-portal>/collector/collector.js"
        })
    }

    function loaderFailed(e) {
        console.error("Loading of Newired Overlay failed. Cause: ", e)
    }
</script>

Example: NGinx

If there is no direct way how to put the snippet into the target application using the target application settings, we need to deploy (install) the snippet using the proxy server.

We usually create a filter that replaces the end tag of the body with a snippet.

Like in NGinx:

sub_filter '</body>' '<script id="newired-snippet" async src="https://<content-delivery>/<siteId>/loader.js"
       onload="initOverlay()" onerror="loaderFailed()"></script>

<script>
    function initOverlay() {
        newired.initialize({
            backend: "https://<newired-portal>",

            collector: "https://<newired-portal>/collector/collector.js"
        })
    }

    function loaderFailed(e) {
        console.error("Loading of Newired Overlay failed. Cause: ", e)
    }
</script></body>';

Example: Apache/Oracle HTTP Example

You need to make sure of is that the location is correct for your application server and that it uses the Newired deployment address.

As the Oracle HTTP server is based on Apache the two modules (LoadModule substitute_module modules/mod_substitute.so and LoadModule filter_module modules/mod_filter.so ) need to be loaded and then the snippet can be added as shown above.

Fix Content Security Policy issue

To unblock loading of Newired resources is usually needed to update the Content Security Policy header. We noticed that your configuration has already changed the security headers and mentioned that one is unblocking all resources by default. Hence there is no need for an update. But it has to be thought about when some restrictions are done.

teamcenter-xxxxxxxxx.com {
    tls {
        DNS route53
    }
    header {
        Strict-Transport-Security "max-age=63072000"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "sameorigin"
        Content-Security-Policy "upgrade-insecure-requests"
    }
    encode zstd gzip
    root * /var/www/default.site
    reverse_proxy prodlife-xxxxxxxxx.com:3000
}