Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

For client requirement; please seeĀ gravity.client.requirement

GRAVITY can be integrated to your application via browser extension or using direct script injection, which might be useful in case if source code of the target application can be modified accordingly.

Script injection

Script #1: simple injection

One of the options to add GRAVITY on your own site is to inject it via simple code snippet

<script>
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
var baseUrl = 'https://your.host/gravity/';
script.type = 'text/javascript';
script.onload = function() {
pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject');
}
script.src = baseUrl + 'inject/js/pi.gravity.inject.js';
head.appendChild(script);
</script>

Script #2: injection with user authentication

In case if user need to be automatically authenticated within specified email address the following snippet can be used

var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
var baseUrl = 'https://your.host/gravity/';
var options = { email: 'user@mail.com' };
script.type = 'text/javascript';
script.onload = function() {
    pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject', options);
}
script.src = baseUrl + 'inject/js/pi.gravity.inject.js';
head.appendChild(script);

Script #3: injection with activation only on some pages of the application

More complex solution for cases when GRAVITY might not be activated for all sites on which the script is injected

/* Gravity injection code */
var baseUrl = "https://your.host/gravity/";
var options = { email: 'user@mail.com' };

(function init() {    
    window.onload = function () {
        injectGravity();
    };
})();

function injectGravity() {
    var xhr = new XMLHttpRequest();
    xhr.onreadystatechange = function () {
        // if gravity is enabled for current page, then load inject scripts
        if (xhr.readyState === 4 && xhr.status === 200 && xhr.responseText === "true") {
            loadInjectScripts();
        }
    };
    xhr.open("GET", baseUrl + "services/info/gravity/enabled?url=" + encodeURI(location.href), true);
    xhr.send();
}

function loadInjectScripts() {
    var script = document.createElement('script');
    script.onload = function () {
        var startScript = document.createElement('script');
        var srcBody = document.createTextNode("pi.gravity.inject.setup('" + baseUrl + "', '" + baseUrl + 'inject/' + "', 'Static inject', " + JSON.stringify(options) + ")");
        startScript.appendChild(srcBody);
        document.head.appendChild(startScript);
    };
    script.src = baseUrl + "inject/js/pi.gravity.inject.js";
    document.head.appendChild(script);
}

CSP rules

The following rules must configured to let GRAVITY work properly in CSP secured context of the target application.

style-src 'unsafe-inline' 'unsafe-eval' https://your.host;
script-src 'unsafe-inline' 'unsafe-eval' https://your.host;
img-src 'unsafe-eval' https://your.host;
font-src 'unsafe-eval' https://your.host;
default-src 'unsafe-eval' https://your.host;
connect-src 'unsafe-eval' https://your.host;

  • No labels