Embed a CML application in an external website

You can embed a CML application into an I-frame on a web page. You need to specify the frame-ancestor attribute, otherwise the browser security policy will prevent the application from rendering in the page.

The frame-ancestor attribute prevents "Clickjacking" attacks by specifying which domains are allowed to provide embedded content to your site. To enable a domain to embed a CML application, set the environmental variable CDSW_FRAME_ANCESTORS to cointain one or more websites as follows:

  • The name of the embedding website, specified in host-source form.
  • You can specify multiple websites as a comma-separated list.

You can set the environmental value in Project Settings > Advanced.

For more information on host-source form, see: CSP: frame-ancestors.