I'm currently trying to place the docusign console onto my website. My current method is using an iFrame but I'm wondering if that is secure and the optimal way of doing it. I was also wondering if the docusignAPI has a solution to that implemented already because I couldn't find one after playing around on the website with various code sources.
Preferably, users would be able to go to some part of the website, view the contract or document they need to sign on the website without having the leave the website. This includes viewing the document on the website as well such as using an iFrame allows.
Using iframes to host DocuSign embedded signing is not a good idea for a few reasons.
Typically to have a good experience it is recommended to use a large window.
Security Concerns. The users of your app wouldn't be able to see the DocuSign URL as well as the green check to know they're using a secure website which should make them feel more confident about using your integration.
Related
I'm new to web development, and I'm currently making a presentation website(home, services, news, vacancies) for a small company. I'm using Node.js,Express and MongoDB.
The client wants to manage certain content on the website, therefore there needs to be a dashboard, where only admins could login/register. But website design does not provide any login/registration system for users.
The question is, where do I put a dashboard and how should I hide it from ordinary users? Should I just use url, like mysite.com/admin, which should be typed by the admin, whenever he wants to get to the admin login/dashboard zone(it seems quite unsafe, since everybody on the internet could type that and get to the login form)? Or maybe I should make a separate desktop app for managing website content?
How should I approach this problem, what are the best practices?
Thanks!
You don't need to reinvent the wheel as i think you can first explore CMS systems and check if the tools covers your requirement . Since CMS tools brings in lot of website admin capabilities as out of the box features.
Following links will get you started.
https://en.wikipedia.org/wiki/Content_management_system
https://en.wikipedia.org/wiki/Web_content_management_system
So, apparently I need to provide a Privacy Policy URL for my Instagram application.
The only reason I'm using this application, is for a website I built for a client of mine. The client wanted an automatic integration for her Instagram, so I went through the whole Instagram API hassle.
Now, the website is ready for production, so I wanted to get my app out of sandbox mode, but it looks like I need this Privacy Policy URL.
What's the best way to go about this?
Put a Privacy Policy page up on their website (really any website you can link to) and use that link. It can be a static HTML page, as long as you can link to it.
Instagram won't let you take an application like this out of Sandbox, btw. Your use case is not an approved use case. From Instagram's Developer Documentation under Invalid Use Cases:
One-off Projects. If you are an agency building websites or other integrations, note that we don't grant permissions to clients created for one-off projects. If you are interested in building a product, platform, or widget that will be used as a service across multiple projects, then you may submit a single client_id that you can use across multiple projects.
You can (probably) still achieve the outcome you're looking for but you will need to go back to the drawing board and rethink your application's use case before getting out of the Sandbox. I know some developers who really just don't understand (or care to understand) the policies and never make it out of Sandbox. It's a shame because they can read the technical portions of the documentation so easily but just can't/don't read/understand the more critical parts (like the Invalid Use Cases section).
I want to understand why client side rendering makes it bad for SEO? Are there any articles about this? Isn't the data rendering already from the server and it's just a matter of making it look like anything we want in JavaScript, how will this affect SEO?
Thank you.
The simple answer is that when you render the site with JavaScript you require JavaScript to see the page, right? Well, Google bots don't run JavaScript so in the best case they'll just see plain text.
Nothing wrong with plain text though. The most important thing is that the same info is on the page even without JavaScript.
Can you be more specific on how you planning to implement client side rendering?
Why would you like to use SEO for a SharePoint site?
SharePoint has already a very good native search engine.
Please take in count that using sharepoint as a public website is no longer recommended, furthermore Microsoft and any SP professional will discourage you from using it in that way. Microsoft has already dropped the public website feature from SharePoint Online (Office 365), and as you may know the current Microsoft strategy is “Cloud first, Mobile first” so you can expect that in the middle term most of the ways and patterns will be equivalent in SP Online and SP on-premise. So I'm not saying that you can't do this with a SharePoint server exposed to internet, however you shouldn't continue doing it, considering that you can use web services to call/get sharepoint content from any other web platform in case you need to publish some sharepoint content in a public website.
http://support.microsoft.com/en-us/kb/3027254/en-us
https://www.linkedin.com/pulse/sharepoint-public-website-platform-any-more-marwan-tarek
I'm making an app and I plan to have some cloud happening with it, but I do not want to create a user data base and have the users need to remember their username and password.
Since it will be distributed through the chrome app store it's basically guaranteed that the user will have a google account. All I want to do is:
Get the user's email through the google account stuff. If I get it through there, well then their email is all the authentication I need to get that user's data.
If I end up putting the application on something other than chrome browser, I'll just have the user use their email to request a validation link, and then I'll send them a validation code for that account, they put the validation code into the application, it takes that as a verified user, so that's secure and easy as well.
EDIT: I'm looking into this. So far I have:
OAuth 2
Google API
But I have a problem that I don't know what to set as my javascript origins in the Google API and there isn't too much info on this abroad. If anyone can tell me what javascript origins I need to set for a chrome extension to access google api it would be a great help.
PS: Thanks for down vote, this is why I love resorting to stack exchange.
Hmmm, I think the only reason this was voted down is the fact that this question may be been asked somewhere on the site already (but I'll help you and give give a 1up).
So what you are wanting to use the Google OpenID. You will have to register your application with Google so they can provide OAuth2 tokens for you application. I have not done this with Google but with other services and it is pretty easy, just search around.
In terms of obtaining OAuth2 for your application in the chrome extension - this can be a pain since the extension is sandboxed and Google's example uses OAuth not OAuth2.
Here is solution I host on GitHub for this - I also use this in my extension GitHub Repositories:
https://github.com/jjNford/oauth2-chrome-extension
Hope this helps in some way. Don't get discourages with StackOverflow, it is a great resource with many great contributors.
Good luck!
I had to up vote you too as I'm tracking down a related issue so here is what I've found that may help.
According to these directions - http://code.google.com/p/google-api-javascript-client/wiki/Authentication - "In the "Authorized JavaScript Origins" box, enter the protocol and domain for your site." This should be the protocol (http:// or https://) followed by any optional subdomain followed by your domain name and no trailing slash. Nothing after the domain name.
This prevents certain kind of security attacks, see: http://en.wikipedia.org/wiki/Same_origin_policy.
There are some related questions here that I found that may help:
Problems with Google Picker API and selecting Google Drive items and google apis console 'Javascript origins'.
Now with all of that said, I am still trying to track down what values to put in there for one of my sites hosted as a Google Site, as none of the obvious values are working for me. So there may be some subtlety there that I have missed in this explanation.
I'm investigating the possibility of re-using Google Apps/Docs in a local hybrid desktop/browser application.
I've been going through the Google documentation on manipulating docs, eg. the Spreadsheet. I can't seem to find any info on actually hosting the UI. Is this possible, or does it require some form of permission from Google?
You want to basically embed an browser control in your application pointed at the URL of a Google Apps doc? You could use the Google Document List API to retrieve the documents for a user, then use the URLs of those documents in your embedded browser control.
You don't need Google's permission to do that; you're writing a browser with some extra smarts built in.
What do you mean by "hosting the UI?" These apps are HTML/CSS/JavaScript. Are you thinking about embedding them in AIR or Titanium, or in some kind of web control in another app?
i briefly looked into doing this, and figured if i really wanted to i could just load the gdocs page content dynamically, and use javascript to strip away the superflous elements like header and footer. but instead i'll probably just use an OS alternate because they have come a long way and I want rich hooks.