Realms: Security Policies

This topic refers to functionality that is only available to accounts on the Quick Base Platform or Quick Base Unlimited plans. If you do not see the functionality described here, either your account or realm has not been configured to show it, or your account is not on one of those plans.

Realm admins have these security options:

  • Prevent embedding in iframes
  • Prevent external redirects

Note: Before changing these settings, review your apps, especially if they contain custom automation or integrations, as those may depend upon Quick Base being embedded in iframes or redirecting to external sites.

You can access these options in the new Security policies area of the Policies tab.

  • Prevent embedding in iframes
    When checked, iframes embedding Quick Base pages (reports, forms, home pages, custom code pages, etc.) from this realm will display as blank. This applies whether the iframe is attempting to display an embedded view of an app on the quickbase.com domain, or on an external website.

  • Prevent external redirects
    When checked, any redirects within formula fields or links are ignored if they are to locations outside the quickbase.com domain. For instance, if you have a formula field set up to add a new record and then send users to example.com, this redirect would be ignored. See the table below for more information on which type of links are affected.

    You can also opt to prevent most redirects, but allow or “whitelist” certain approved sites. When you select Ignore redirects to sites outside quickbase.com, an Allow redirects to these sites box appears. Enter a comma-separated list of hostnames in this box using the example.com,example.org format without including www. or http://

Tip: Double-check your hostnames when you enter them and do not enter www. or http://


Type of link Example URL Formula Affected? What will happen with the setting turned on? Why?
Single link on the quickbase.com domain URLRoot() & “db/” & [DBID_PROJECTS] & “?a=API_AddRecord&ticket=auth_ticket&apptoken=app_token&_fid_25=Completed” No Will work normally This is an internal link, which does not contain a redirect
Single link outside the quickbase.com domain “https://www.yourcompany.com/home” No Will work normally This is an external link, but it does not contain a redirect.
Link on the quickbase.com domain, then redirect to a second link on the quickbase.com domain URLRoot() & “db/” & [DBID_PROJECTS] & “?a=API_AddRecord&ticket=auth_ticket&apptoken=app_token&_fid_25=Completed” & URLEncode(URLRoot() & “db/” & [DBID_PROJECTS] & “?a=q&qid=1”) No Will work normally This link does contain a redirect, but it redirects to a page on the quickbase.com domain.
Link on the quickbase.com domain, then redirect to a link outside the quickbase.com domain URLRoot() & “db/” & [DBID_PROJECTS] & “?a=API_AddRecord&ticket=auth_ticket&apptoken=app_token&_fid_25=Completed” & URLEncode(“https://www.yourcompany.com/home”) Yes The new record is added, then the standard XML response page is displayed. This link contains a redirect, and the page it redirects to is external to quickbase.com
Link outside the quickbase.com domain, then redirect to another link outside the quickbase.com domain "https://www.yourcompany.com/home?redirect=" & URLEncode(“https://www.yourcompany.com/news”) Yes The home page of yourcompany.com is displayed. This link contains a redirect, and the page it redirects to is external to quickbase.com
Related Topics:

 

Go back      |       

© 1999-2019  QuickBase, Inc.  All rights reserved.  Legal Notices.