Versions Compared

Old Version 16

changes.mady.by.user Alexander Ziziko

Saved on

compared with

New Version 17

changes.mady.by.user Alexander Ziziko

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

For client requirement; please seeĀ gravity.client.requirement

GRAVITY can be integrated to your application via browser extension or using direct script injection, which might be useful in case if code of the target application can be modified accordingly.

Script injection

Script #1: simple injection

One of the options to add GRAVITY on your own site is to inject it via simple code snippet

Code Block
languagejs
<script>
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
var baseUrl = 'https://your.host/gravity/';
script.type = 'text/javascript';
script.onload = function() {
pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject');
}
script.src = baseUrl + 'inject/js/pi.gravity.inject.js';
head.appendChild(script);
</script>

Script #2: injection with user authentication

In case if user need to be automatically authenticated within specified email address the following snippet can be used

Code Block
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
var baseUrl = 'https://your.host/gravity/';
var options = { email: 'user@mail.com' };
script.type = 'text/javascript';
script.onload = function() {
    pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject', options);
}
script.src = baseUrl + 'inject/js/pi.gravity.inject.js';
head.appendChild(script);

Script #3: injection with activation only on some pages of the application

More complex solution for cases when GRAVITY might not be activated for all sites on which the script is injected

Code Block
/* Gravity injection code */
var baseUrl = "https://your.host/gravity/";
var options = { email: 'user@mail.com' };

(function init() {    
    window.onload = function () {
        injectGravity();
    };
})();

function injectGravity() {
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function () {
        // if gravity is enabled for current page, then load inject scripts
        if (xhr.readyState === 4 && xhr.status === 200 && xhr.responseText === "true") {
            loadInjectScripts();
        }
    };
    xhr.open("GET", baseUrl + "services/info/gravity/enabled?url=" + encodeURI(location.href), true);
    xhr.send();
}

function loadInjectScripts() {
    var script = document.createElement('script');
    script.onload = function () {
        var startScript = document.createElement('script');
        var srcBody = document.createTextNode("pi.gravity.inject.setup('" + baseUrl + "', '" + baseUrl + 'inject/' + "', 'Static inject', " + JSON.stringify(options) + ")");
        startScript.appendChild(srcBody);
        document.head.appendChild(startScript);
    };
    script.src = baseUrl + "inject/js/pi.gravity.inject.js";
    document.head.appendChild(script);
}

CSP rules

The following rules must configured to let GRAVITY work properly in CSP secured context of the target application.

Code Block
style-src 'unsafe-inline' 'unsafe-eval' https://your.host;
script-src 'unsafe-inline' 'unsafe-eval' https://your.host;
img-src 'unsafe-eval' https://your.host;
font-src 'unsafe-eval' https://your.host;
default-src 'unsafe-eval' https://your.host;
connect-src 'unsafe-eval' https://your.host;