Internal Dashboard
Last updated March 22, 2024
Setting up URL
To configure the internal dashboard, set the URL to the URL of an individual customer in your internal tool (e.g. https://www.myapp.com/admin/user?user_id={user_id}/).
You can use variables in the URL by wrapping them in curly brackets (e.g., {variable}). You can use the following variables in your URL:
- user_id
- user_email
- user_name
- agent_email
Security Settings
In order for your internal dashboard to be visible within Atlas, the page needs to allow embedding. To check for this, ensure that the HTTP response from your server:
- doesn't have the X-Frame-Options header
- has the Content-Security-Policy header with the frame-ancestors atlas.so value
- (if you are using cookie based authentication) has the authentication cookie set as SameSite=None
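The three checks above can be run against a set of response headers before the dashboard is wired into Atlas. This is an added example, not Atlas's own code: the function names, the session cookie name and the sample headers are constructed, and the Secure check reflects how browsers treat SameSite=None cookies rather than anything stated on this page.

```python
EMBEDDER = "atlas.so"  # host the page says must be allowed to frame the dashboard

def parse_csp(value):
    """Split one CSP header value into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def cookie_attrs(set_cookie):
    """Return (cookie name, {attribute: value}) for one Set-Cookie value."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for p in rest:
        key, _, val = p.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    return first.partition("=")[0], attrs

def audit_embedding(headers, auth_cookie):
    """headers: list of (name, value) pairs. Returns the problems found."""
    def values(name):
        return [v for k, v in headers if k.lower() == name]
    problems = []
    if values("x-frame-options"):
        problems.append("X-Frame-Options header is present")
    policies = [parse_csp(v) for v in values("content-security-policy")]
    ancestors = [p["frame-ancestors"] for p in policies if "frame-ancestors" in p]
    if not ancestors:
        problems.append("no frame-ancestors directive")
    for sources in ancestors:
        if f"'{EMBEDDER}'" in sources:  # quotes are only for keywords such as 'self'
            problems.append("host source is quoted and will be ignored")
        elif EMBEDDER not in [s.split("://")[-1] for s in sources]:
            problems.append("frame-ancestors does not list " + EMBEDDER)
    for value in values("set-cookie"):
        name, attrs = cookie_attrs(value)
        if name == auth_cookie and attrs.get("samesite") != "none":
            problems.append("auth cookie is not SameSite=None")
        elif name == auth_cookie and "secure" not in attrs:
            problems.append("SameSite=None cookie lacks Secure")
    return problems

# Constructed sample responses (not captured from a real server).
GOOD = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self' atlas.so"),
        ("Set-Cookie", "session=abc; Path=/; Secure; HttpOnly; SameSite=None")]
BAD = [("X-Frame-Options", "SAMEORIGIN"),
       ("Content-Security-Policy", "frame-ancestors 'atlas.so';"),
       ("Set-Cookie", "session=abc; Path=/; SameSite=Lax")]
```

Calling audit_embedding(GOOD, "session") returns an empty list, while the BAD response yields one problem per check.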
Setting up Content-Security Policy
If this is not set correctly, you’ll see an error that looks like:
🛑 Refused to frame 'https://app.yourcompany.com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'".
You can set the Content-Security-Policy header via your application server. Here are some examples for some of the most common servers:
Apache Content-Security-Policy Header
Add the following to your httpd.conf in your VirtualHost or in an .htaccess file:
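# atlas.so is a host source, so it is written without quotes; single quotes are only for keywords such as 'self'.
Header set Content-Security-Policy "frame-ancestors atlas.so;"
Nginx Content-Security-Policy Header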
In your server {} block add:
add_header Content-Security-Policy "frame-ancestors atlas.so;";
You can also append always to the end to ensure that nginx sends the header regardless of response code.
IIS Content-Security-Policy Header
You can use the HTTP Response Headers GUI in IIS Manager or add the following to your web.config:
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Content-Security-Policy" value="frame-ancestors atlas.so;" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
Tips
- If you already have a Content-Security-Policy header, you can extend it by adding the value after a semicolon (;).
- If your Content-Security-Policy header already uses a frame-ancestors value, you can safely extend it by adding only the atlas.so domain.
Setting up SameSite=None in the Cookie
If you are using cookie-based authentication, you will have to set the SameSite attribute of the auth cookie to None so that the cookie is accessible in the Atlas UI.
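from flask import Flask, make_response

app = Flask(__name__)

@app.route('/')
def hello_world():
    resp = make_response('Hello, World!')
    # Pass the string 'None': Python's None leaves the SameSite attribute unset.
    # Browsers only accept SameSite=None on cookies that are also marked Secure.
    resp.set_cookie('same-site-cookie', 'foo', samesite='None', secure=True)
    return resp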
