I know this question has been placed multiple times during the past five years and more, however no solutions has been found yet.
I know that trello website uses the x-frame protection to prevent click-jacking, however this solution could be left to the end-users, by adapting this configuration per-page and with whitelisted domains. It's technically possible, why it hasn't been discussed so far?
The effort to provide an embedding code during this years is cool, however the current support for the private (non-public) boards is limited to a picture that is merely a "big" clickable icon, the only useful thing you can actually read on it, it's the board name.
Are you investing time for a better solution? Can we hope in something better, or we should give up?
(And yes, I know you can resemble a custom page made via API, but it's a such big task to develop, risking to create more security issues to what this limitation is trying to avoid)
Thanks for the attention.
You can take a look at Hipporello if you are looking at exposing your board on a webportal. I have used it to build a crm, a webportal to published documentation on a system and a 'store'
>however this solution could be left to the end-users
That's the entire reason it has been done - Atlassian don't want to shift the responsibility for having to worry about click-jacking onto people who shouldn't have to worry about it.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
They wouldn't, defaulting it as it is now, and adding the option to white-list specific domains won't expose the end user to click-jacking, unless the "hacker" is the owner himself.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.