AtlasGo to Atlas↗️

No results

Help CenterIntegrationsInternal Dashboard

Internal Dashboard

Last updated March 22, 2024

Setting up URL

To configure the internal dashboard, set the URL to the URL of an individual customer in your internal tool (e.g. https://www.myapp.com/admin/user?user_id={user_id}/).

You can use variables in the URL by wrapping them in curly brackets (e.g., {variable}). You can use the following variables in your URL:

  • user_id
  • user_email
  • user_name
  • agent_email

Security Settings

In order for your internal dashboard to be visible within Atlas, the page needs to allow embedding. To check for this, ensure that the HTTP response from your server:

  • doesn't have X-Frame-Options header
  • has the Content-Security-Policy header with frame-ancestors atlas.so value
  • (if you are using cookie based authentication) has the authentication cookie set as SameSite=None

Setting up Content-Security Policy

If this is not set correctly, you’ll see an error that looks like:

🛑 Refused to frame ' https://app.yourcompany.com/ ' because an 
ancestor violates the following Content Security Policy 
directive: "frame-ancestors 'self'".

You can set the Content-Security-Policy header via your application server. Here are some examples for some of the most common servers:

Apache Content-Security-Policy Header

Add the following to your httpd.conf in your VirtualHost or in an .htaccess file:

Header set Content-Security-Policy "frame-ancestors 'atlas.so';"

Nginx Content-Security-Policy Header

In your server {} block add:

add_header Content-Security-Policy "frame-ancestors 'atlas.so';";

You can also append always to the end to ensure that nginx sends the header regardless of response code.

IIS Content-Security-Policy Header

You can use the HTTP Response Headers GUI in IIS Manager or add the following to your web.config:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Content-Security-Policy" value="frame-ancestors 'atlas.so';" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Tips

  • If you already have a Content-Security-Policy header, you can extend it by adding value after semicolon (;).
  • If you’re Content-Security-Policy header already uses an frame-ancestors value, you can safely extend it by adding only atlas.so domain.

If you are using cookie based authentication, then you will have to set the samesite attribute of the auth cookie to None so the cookie is accessible in Atlas UI.

from flask import Flask, make_response

app = Flask(__name__)

@app.route('/')
def hello_world():
    resp = make_response('Hello, World!');
    resp.set_cookie('same-site-cookie', 'foo', samesite=None);

Was this article helpful?