sauce-teamcity-plugin icon indicating copy to clipboard operation
sauce-teamcity-plugin copied to clipboard

Published 20 hours ago verified publisher icon rossrowe

Embeded Results

Open SirDarquan opened this issue 10 years ago • 3 comments

I don't know if you know this or not but the Iframe for the results in TeamCity isn't allowed to display. SauceLabs has the page set 'X-Frame-Options' to 'DENY'. If you are in a position to have this updated just for this page, that'd be great. Otherwise you need to manually construct a page based on the data from the API call or just remove the option altogether.

SirDarquan avatar Feb 10 '15 13:02 SirDarquan

Thanks for letting us know, I'll do some investigation to see how we can resolve it.

On Wed, Feb 11, 2015 at 12:42 AM, SirDarquan [email protected] wrote:

I don't know if you know this or not but the Iframe for the results in TeamCity isn't allowed to display. SauceLabs has the page set 'X-Frame-Options' to 'DENY'. If you are in a position to have this updated just for this page, that'd be great. Otherwise you need to manually construct a page based on the data from the API call or just remove the option altogether.

— Reply to this email directly or view it on GitHub https://github.com/rossrowe/sauce-teamcity-plugin/issues/12.

rossrowe avatar Feb 11 '15 09:02 rossrowe

I know it's been awhile since I raised this issue but I believe that I know how it can be partially resolved. If you use the direct url of the job, the saucelabs site will take care of authentication. If I'm logged into saucelabs already, I'll see the job in TeamCity appropriately, but if I'm not logged in, there will be a redirect to the login page. Now the login page is what's setting the 'X-Frame-Options' to 'DENY' and I don't have an issue with that because it's a security measure. With this in place, you can at the minimum post somewhere the requirement to be logged in to see the results.

SirDarquan avatar May 07 '15 13:05 SirDarquan

Would it be possible for you to add an option to use auth tokens for viewing embedded results instead? We give the username and api key already and one of the requirements is to create a teamcity message with the job-id in it. If you have all three of these things AND the configuration allows no login links (or whatever you'd call it) then the embedded result should use auth tokens. I have a user specifically for my CI server so that takes care of security concerns and I understand that if I regenate its api key all the previously generated results will no longer be viewable. I think that is an acceptable risk that anyone would take as long as they're aware if it (e.g. in the read me and on the UI)

SirDarquan avatar Aug 31 '15 14:08 SirDarquan