For client requirement; please seeĀ gravity.client.requirement |
GRAVITY can be integrated to your application via browser extension or using direct script injection, which might be useful in case if source code of the target application can be modified accordingly.
One of the options to add GRAVITY on your own site is to inject it via simple code snippet
<script> var head = document.getElementsByTagName('head')[0]; var script = document.createElement('script'); var baseUrl = 'https://your.host/gravity/'; script.type = 'text/javascript'; script.onload = function() { pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject'); } script.src = baseUrl + 'inject/js/pi.gravity.inject.js'; head.appendChild(script); </script> |
In case if user need to be automatically authenticated within specified email address the following snippet can be used
var head = document.getElementsByTagName('head')[0]; var script = document.createElement('script'); var baseUrl = 'https://your.host/gravity/'; var options = { email: 'user@mail.com' }; script.type = 'text/javascript'; script.onload = function() { pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject', options); } script.src = baseUrl + 'inject/js/pi.gravity.inject.js'; head.appendChild(script); |
More complex solution for cases when GRAVITY might not be activated for all sites on which the script is injected
/* Gravity injection code */ var baseUrl = "https://your.host/gravity/"; var options = { email: 'user@mail.com' }; (function init() { window.onload = function () { injectGravity(); }; })(); function injectGravity() { var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function () { // if gravity is enabled for current page, then load inject scripts if (xhr.readyState === 4 && xhr.status === 200 && xhr.responseText === "true") { loadInjectScripts(); } }; xhr.open("GET", baseUrl + "services/info/gravity/enabled?url=" + encodeURI(location.href), true); xhr.send(); } function loadInjectScripts() { var script = document.createElement('script'); script.onload = function () { var startScript = document.createElement('script'); var srcBody = document.createTextNode("pi.gravity.inject.setup('" + baseUrl + "', '" + baseUrl + 'inject/' + "', 'Static inject', " + JSON.stringify(options) + ")"); startScript.appendChild(srcBody); document.head.appendChild(startScript); }; script.src = baseUrl + "inject/js/pi.gravity.inject.js"; document.head.appendChild(script); } |
The following rules must configured to let GRAVITY work properly in CSP secured context of the target application.
default-src 'none'; connect-src https://your.host; font-src https://your.host; img-src https://your.host; frame-src https://your.host; style-src 'unsafe-inline' 'unsafe-eval' https://your.host; script-src 'unsafe-inline' 'unsafe-eval' https://your.host; |