Internal Dashboard
Last updated March 22, 2024
Setting up URL
To configure the internal dashboard, set the URL to the URL of an individual customer in your internal tool (e.g. https://www.myapp.com/admin/user?user_id={user_id}/).
You can use variables in the URL by wrapping them in curly brackets (e.g., {variable}). You can use the following variables in your URL:
user_iduser_emailuser_nameagent_email
Security Settings
In order for your internal dashboard to be visible within Atlas, the page needs to allow embedding. To check for this, ensure that the HTTP response from your server:
- doesn't have
X-Frame-Optionsheader - has the
Content-Security-Policyheader withframe-ancestors atlas.sovalue - (if you are using cookie based authentication) has the authentication cookie set as
SameSite=None
Setting up Content-Security Policy
If this is not set correctly, you’ll see an error that looks like:
🛑 Refused to frame ' https://app.yourcompany.com/ ' because an
ancestor violates the following Content Security Policy
directive: "frame-ancestors 'self'".You can set the Content-Security-Policy header via your application server. Here are some examples for some of the most common servers:
Apache Content-Security-Policy Header
Add the following to your httpd.conf in your VirtualHost or in an .htaccess file:
Header set Content-Security-Policy "frame-ancestors 'atlas.so';"Nginx Content-Security-Policy Header
In your server {} block add:
add_header Content-Security-Policy "frame-ancestors 'atlas.so';";You can also append always to the end to ensure that nginx sends the header regardless of response code.
IIS Content-Security-Policy Header
You can use the HTTP Response Headers GUI in IIS Manager or add the following to your web.config:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="frame-ancestors 'atlas.so';" />
</customHeaders>
</httpProtocol>
</system.webServer>Tips
- If you already have a
Content-Security-Policyheader, you can extend it by adding value after semicolon (;). - If you’re
Content-Security-Policyheader already uses anframe-ancestorsvalue, you can safely extend it by adding onlyatlas.sodomain.
Setting up SameSite=None in the Cookie
If you are using cookie based authentication, then you will have to set the samesite attribute of the auth cookie to None so the cookie is accessible in Atlas UI.
from flask import Flask, make_response
app = Flask(__name__)
@app.route('/')
def hello_world():
resp = make_response('Hello, World!');
resp.set_cookie('same-site-cookie', 'foo', samesite=None);