Join BoxWorks in San Francisco Nov 12-13! Keynotes, product demos, and Box Master Classes. Reserve your spot!

Custom Preview Widgets - "drag the dark cloud on to the white cloud"

Answered
New post

Comments

8 comments

  • Hannon, Michael

    For myself and one of my instructors all box links embedded in our canvas courses we’re forcing repeated security authentication like this suddenly. This must be an issue on Box’s side because this was not the case previously. For a temporary solution Canvas directed us to clear browser cache (we were using chrome) which worked.

    1
    Comment actions Permalink
  • Eduardo Boro

    So I understand why this is done but please can we choose to disable it in certain instances? as Hannon,Michael says we use this a lot for Canvas embedding and it is a barrier to Students clicking into items. For example in a Canvas Announcement we use Box embed widget to display the PDF allow the URLS embedded within that PDF to be clickable. Very low stakes and the Student has already logged into Canvas to be able to get to the announcement so they are sure what we are posting is safe.   

    I short can you turn on the ability to TURN off the  "Drag the Cloud" game .

     

    "How does Box prevent clickjacking?

    To guard against clickjacking attacks, Box employs preventative measures in our embed widget as well as an X-Frame-Options header.

    Our embed widget uses an interactive "Drag the Cloud" game in which a white cloud puzzle piece, randomly placed on the page, needs to be plugged into a cloud-shaped "hole" in the page, also randomly placed on the page. Because both of the objects are randomly placed on the page, the user's click locations cannot be predicted easily by attackers, making a clickjacking attack less effective and an attempt to use clickjacking measures less worthwhile. This randomized interaction is the most effective method of preventing clickjacking attempts available for embedded content. Users can feel secure that they are interacting with the correct site if they are able to click and drag the cloud into the correct place."

    1
    Comment actions Permalink
  • Dave Bryant

    Just to note - on closer inspection this appears to only be occurring on Safari. Firefox is fine, so is almost certainly a glitch?

    0
    Comment actions Permalink
  • Dave Bryant

    Thanks - so it's not just Safari then. That's interesting. Hopefully this will get fixed soon. 

    0
    Comment actions Permalink
  • mboggs

    I'm seeing this as well. I've created a support ticket. 

    0
    Comment actions Permalink
  • Dave Bryant

    Anyone having any luck with this? Everything seemed to be back to normal this morning, but now I've reverted back to the old problems. 

    0
    Comment actions Permalink
  • mboggs

    My users are still having the issue. My support ticket is currently in "looping in a specialist who will reach out to you" mode. 

    0
    Comment actions Permalink
  • Rona

    Hi Dave, 

    Welcome to Box Community and glad to help! 

    While I'm reaching out to our specialists regarding this error, can you please try these troubleshooting steps? 

    Let us know how it goes, 

    0
    Comment actions Permalink

Please sign in to leave a comment.