Embedding the IBM MQ Console in an IFrame

The HTML <iframe> element can be used to embed one web page into another using an Inline Frame (IFrame). For security reasons, the IBM MQ Console cannot be embedded in an IFrame by default. However, we can allow specific web pages to embed it by using the mqConsoleFrameAncestors configuration property on the mqweb server.


Note: Wherever possible, the term allowlist has replaced the term whitelist.

The mqweb server maintains an allowlist of origins of web pages that can embed the IBM MQ Console using an IFrame. An origin is a combination of a URL scheme, domain and port, for example, https://example.com:1234.

We can use the mqConsoleFrameAncestors configuration property on the mqweb server to specify the entries in the list.

By default, mqConsoleFrameAncestors is blank, which means that the IBM MQ Console cannot be embedded in an IFrame.


Procedure

Specify the list of origins of web pages that can embed the IBM MQ Console in an IFrame by entering the following command:
setmqweb properties -k mqConsoleFrameAncestors -v allowedOrigins
where allowedOrigins is a comma-separated list of origins. Each origin should consist of:

  • A hostname or IP address
  • An optional URL scheme
  • An optional port number

Note that the hostname can start with the wildcard character (*) and the port number can also be the wildcard character (*). Example origins are:

https://example.com:1234
which allows any web page served from https://example.com:1234 to embed the IBM MQ Console in an IFrame.
https://*.example.com:*
which allows any HTTPS web page with a hostname ending with example.com, and using any port, to embed the IBM MQ Console in an IFrame.


Example

The following example allows the IBM MQ Console to be embedded in an IFrame from web pages served from either https://site2.example.com:1234 or https://site2.example.com:1235:
setmqweb properties -k mqConsoleFrameAncestors -v https://site2.example.com:1234,https://site2.example.com:1235
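
Before running setmqweb, the allowedOrigins value can be checked against the origin format described in the procedure. The following shell functions are an added example, not IBM code: the function names and the warning policy (flagging wildcards, http, and entries without a scheme) are assumptions of this example, and the sample list is constructed.

```shell
# Added example (not IBM code): lint a mqConsoleFrameAncestors value before
# running setmqweb. Grammar as described above: [scheme://]host[:port], host may
# start with "*", port may be "*". The warn rules are this example's own policy
# assumptions; lowercase schemes are expected and IPv6 literals are not handled.
# classify_origin ORIGIN -> prints ok | warn:<reasons> | invalid:<reason>
classify_origin() {
    rest=$1; scheme=; port=; warns=
    case $rest in *://*) scheme=${rest%%://*}; rest=${rest#*://} ;; esac
    case $rest in *:*) port=${rest##*:}; host=${rest%:*} ;; *) host=$rest ;; esac
    case $scheme in
        https) ;;
        http)  warns=cleartext-scheme ;;
        '')    [ "$1" = "$rest" ] && warns=no-scheme || { echo invalid:scheme; return; } ;;
        *)     echo invalid:scheme; return ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.*-]*|?*\**) echo invalid:host; return ;;  # "*" only as first char
        \**) warns=${warns:+$warns+}wildcard-host ;;
    esac
    case $rest in *:*)
        case $port in
            \*) warns=${warns:+$warns+}wildcard-port ;;
            ''|*[!0-9]*|??????*) echo invalid:port; return ;;
            *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
                   { echo invalid:port; return; } ;;
        esac ;;
    esac
    echo "${warns:+warn:}${warns:-ok}"
}

# lint_frame_ancestors LIST -> prints "origin<TAB>verdict" per entry;
# returns 2 if any entry is invalid, 1 if there are only warnings, 0 if all ok.
lint_frame_ancestors() {
    rc=0; list=$1
    while [ -n "$list" ]; do
        entry=${list%%,*}
        case $list in *,*) list=${list#*,} ;; *) list= ;; esac
        verdict=$(classify_origin "$entry")
        printf '%s\t%s\n' "$entry" "$verdict"
        case $verdict in
            invalid:*) rc=2 ;;
            warn:*)    [ "$rc" -eq 2 ] || rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample list; the first two entries are this page's example origins.
lint_frame_ancestors 'https://example.com:1234,https://*.example.com:*,http://example.com,example.com:99999' ||
    echo "exit status $?"
```

An exit status of 0 means every entry names one exact HTTPS origin; 1 means the list is well formed but broader than a single pinned origin; 2 means at least one entry does not fit the format.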