Comments (9)
Domain restrict.
Need Grist to be embedded only on specific sites. This is must have because if you sell datas in your websites, other people cannot somehow find the link and embed in their websites
from grist-core.
Data scraping protection is impossible these days. I think Grist can protect 70% is somewhat perfect:
1/ With bots: The best way i can think of is make your "embedded table/dashboard" integrate with "data scraping service" like scrapeshield https://blog.cloudflare.com/scrapeshield-the-scaled-up-deep-intelligence/
2/ Human: "forget bot, I will drag all the table and copy to my excel"
Grist: "I have 2 options, (can drag all table to copy) and (cannot drag all table to copy) when share to public, and... in the backend I can choose the switch buttons off/on: can download, can filter,...)
from grist-core.
Great embed-related requests from users I've spoken with:
- Enable search bar on embed
- Ability to remove "download" and "print" options on embed
- Full document embed that allows "jumping" to referenced tables/pages
from grist-core.
Thanks @smithqueen1991. We do plan to generalize access control by origin (mentioned https://support.getgrist.com/access-rules/#access-rule-conditions) to allow users to control which documents can be accessed from which site. I think that will address your main concern.
Imagine for a minute that restriction by domain is set up. Are there other security measures that are important for you? Do you worry about people simply copying and pasting your data into their own site, or retyping it if copy/paste is disabled?
from grist-core.
We've documented what is possible so far at https://support.getgrist.com/embedding/#embedding-grist
from grist-core.
Related: #91
from grist-core.
+1 wish for "embed editable anonymous table". There are use cases where this approach makes sense. Of course security measures are often also needed unless the table is served from server side on a web app. Additionally, embedding a user (even on URL like ?login=username&password=userpassword) has also use cases.
from grist-core.
@tietoafinlandoy I believe if you add /m/default?embed=true
to a URL, and set public access on the document to editor, viewers of the embedded page will have edit access. The /m/default
overrides switching to read-only mode, as Grist does by default currently for embeds.
from grist-core.
@paulfitz Actually, turns out that ?embed=true locks the fields (show the lock icon when trying to edit) when using iframe to embed the table but using ?style=light leaves it editable! So it works now for us. Thank you for answering. We went on to learn the trick here: https://support.getgrist.com/embedding/
from grist-core.
Related Issues (20)
- Filtered Reference Column not showing all rows in dropdown
- Lists of RecordSets cannot be typed as Reference List HOT 1
- New setup [pyodide sandbox] = warn: Sandbox sending SIGKILL HOT 4
- User deletion API: confirm by giving user's email rather than by their name?
- Clean up code to handle enterprise toggle
- Provide UI for entering an activation key
- The enterprise toggle should be disabled for the grist-oss and grist-ee images HOT 1
- add tests for the enterprise toggle widget
- Trial period when enterprise is enabled should count from the moment enterprise was enabled, not when Grist was installed
- In Forms, selecting a reference from a long list (1000+) is not working HOT 1
- Is it possible to move focus to the column options with the keyboard? HOT 1
- Dark mode overrides choice text color
- Opening of .grist impossible Error: EPERM HOT 1
- Show images from URLs in table widgets HOT 1
- Add time column type HOT 4
- Add parquet format HOT 1
- Formatting in Grist Cells
- Blank values in matching columns of an imported CSV should always match and update existing records with same blank values HOT 1
- Huge sqlite database when writing via API calls HOT 9
- Cannot destructure property 'buildNameConfig' of 'e.FieldConfig' as it is undefined HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from grist-core.