gravity.publicgravity.script.injection

gravity.script.injection

Owned by Alexander Ziziko (Unlicensed)
Last updated: Aug 09, 2022 by Alexander Ziziko

For client requirement; please see gravity.client.requirement

GRAVITY can be integrated to your application via browser extension or using direct script injection, which might be useful in case if source code of the target application can be modified accordingly.

Script injection

Script #1: simple injection

One of the options to add GRAVITY on your own site is to inject it via simple code snippet

<script> var head = document.getElementsByTagName('head')[0]; var script = document.createElement('script'); var baseUrl = 'https://your.host/gravity/'; script.type = 'text/javascript'; script.onload = function() { pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject'); } script.src = baseUrl + 'inject/js/pi.gravity.inject.js'; head.appendChild(script); </script>

 

Script #2: injection with user authentication

In case if user need to be automatically authenticated within specified email address the following snippet can be used

var head = document.getElementsByTagName('head')[0]; var script = document.createElement('script'); var baseUrl = 'https://your.host/gravity/'; var options = { email: 'user@mail.com' }; script.type = 'text/javascript'; script.onload = function() { pi.gravity.inject.setup(baseUrl, baseUrl + 'inject/', 'Static inject', options); } script.src = baseUrl + 'inject/js/pi.gravity.inject.js'; head.appendChild(script);

 

Script #3: injection with activation only on some pages of the application

More complex solution for cases when GRAVITY might not be activated for all sites on which the script is injected

/* Gravity injection code */ var baseUrl = "https://your.host/gravity/"; var options = { email: 'user@mail.com' }; (function init() { window.onload = function () { injectGravity(); }; })(); function injectGravity() { var xhr = new XMLHttpRequest(); xhr.onreadystatechange = function () { // if gravity is enabled for current page, then load inject scripts if (xhr.readyState === 4 && xhr.status === 200 && xhr.responseText === "true") { loadInjectScripts(); } }; xhr.open("GET", baseUrl + "services/info/gravity/enabled?url=" + encodeURI(location.href), true); xhr.send(); } function loadInjectScripts() { var script = document.createElement('script'); script.onload = function () { var startScript = document.createElement('script'); var srcBody = document.createTextNode("pi.gravity.inject.setup('" + baseUrl + "', '" + baseUrl + 'inject/' + "', 'Static inject', " + JSON.stringify(options) + ")"); startScript.appendChild(srcBody); document.head.appendChild(startScript); }; script.src = baseUrl + "inject/js/pi.gravity.inject.js"; document.head.appendChild(script); }

CSP rules

The following rules must configured to let GRAVITY work properly in CSP secured context of the target application.

style-src 'unsafe-inline' 'unsafe-eval' https://your.host; script-src 'unsafe-inline' 'unsafe-eval' https://your.host; img-src 'unsafe-eval' https://your.host; font-src 'unsafe-eval' https://your.host; default-src 'unsafe-eval' https://your.host; connect-src 'unsafe-eval' https://your.host;