removed
Follow-up: Removing directives on June 1st
May 9th, 2024
To increase app security, we will remove the allow-top-navigation
and allow-top-navigation-by-user-activation
directives from iframes on June 1st, 2024.
These directives enable apps to redirect customers from their monday account to another website, which poses a security risk for many customers.
Here are good and bad examples of what’s currently allowed:
// Open link in a new tab - GOOD
window.open("<https://www.mozilla.org/">, "mozillaTab");
// Open link in a new window - GOOD
window.open("<https://www.mozilla.org/",'name','height=300,width=650,screenX=400,screenY=350'>)
// Redirect the user outside of monday - BAD
window.top.location.href = "<https://www.mozilla.org/">;
After deprecating these directives, any links utilizing this functionality won’t work but won’t impact app functionality. This update will only disablewindow.top.location.href
(see example below):
window.top.location.href = "<https://www.mozilla.org/">;
If you need to direct customers to an external link from the app, you can still do so by opening it in a new tab using the SDK or the window.open
method.
window.open("<https://www.mozilla.org/">, "mozillaTab");