Custom Preview Widgets - "drag the dark cloud on to the white cloud"

回答済み
新規投稿

コメント

8件のコメント

  • Dave Bryant

    Just to note - on closer inspection this appears to only be occurring on Safari. Firefox is fine, so is almost certainly a glitch?

    0
    コメントアクション パーマリンク
  • Hannon, Michael

    For myself and one of my instructors all box links embedded in our canvas courses we’re forcing repeated security authentication like this suddenly. This must be an issue on Box’s side because this was not the case previously. For a temporary solution Canvas directed us to clear browser cache (we were using chrome) which worked.

    1
    コメントアクション パーマリンク
  • Dave Bryant

    Thanks - so it's not just Safari then. That's interesting. Hopefully this will get fixed soon. 

    0
    コメントアクション パーマリンク
  • mboggs

    I'm seeing this as well. I've created a support ticket. 

    0
    コメントアクション パーマリンク
  • Dave Bryant

    Anyone having any luck with this? Everything seemed to be back to normal this morning, but now I've reverted back to the old problems. 

    0
    コメントアクション パーマリンク
  • mboggs

    My users are still having the issue. My support ticket is currently in "looping in a specialist who will reach out to you" mode. 

    0
    コメントアクション パーマリンク
  • Rona

    Hi Dave, 

    Welcome to Box Community and glad to help! 

    While I'm reaching out to our specialists regarding this error, can you please try these troubleshooting steps? 

    Let us know how it goes, 

    0
    コメントアクション パーマリンク
  • Eduardo Boro

    So I understand why this is done but please can we choose to disable it in certain instances? as Hannon,Michael says we use this a lot for Canvas embedding and it is a barrier to Students clicking into items. For example in a Canvas Announcement we use Box embed widget to display the PDF allow the URLS embedded within that PDF to be clickable. Very low stakes and the Student has already logged into Canvas to be able to get to the announcement so they are sure what we are posting is safe.   

    I short can you turn on the ability to TURN off the  "Drag the Cloud" game .

     

    "How does Box prevent clickjacking?

    To guard against clickjacking attacks, Box employs preventative measures in our embed widget as well as an X-Frame-Options header.

    Our embed widget uses an interactive "Drag the Cloud" game in which a white cloud puzzle piece, randomly placed on the page, needs to be plugged into a cloud-shaped "hole" in the page, also randomly placed on the page. Because both of the objects are randomly placed on the page, the user's click locations cannot be predicted easily by attackers, making a clickjacking attack less effective and an attempt to use clickjacking measures less worthwhile. This randomized interaction is the most effective method of preventing clickjacking attempts available for embedded content. Users can feel secure that they are interacting with the correct site if they are able to click and drag the cloud into the correct place."

    1
    コメントアクション パーマリンク

サインインしてコメントを残してください。