Adding a link to a website

In a track, if you add a link to a website, Challo loads the URL in an iframe.

An iframe (or Inline Frame) is a standard mechanism to embed another page within the original web page and poses some limitations.

When you open the resource, Challo instructs your browser to embed the web page into your current view.

Important: If possible, use a Challo application to add websites instead of using a URL. For example, use the Challo Salesforce application to add Salesforce records to your track.

Refusing to load web links

When you click a link from a Challo track, sometimes it is not possible for your browser to embed the destination into an iframe and you see a refused to connect message.

Typically, this happens if the website implements a security policy that disallows Challo, and other sites, from loading the pages inside iframes. The website implements this security policy to protect your sessions from cross-site attacks, if you accidentally browse to a malicious website that attempts to hijack your session, for example. Often these sites maintain a list of sites that can embed their pages. Challo cannot control this behavior.

If you cannot view the page in Challo, click Open in new window and a new browser window opens to display the site.

If you want, select Always open blocked links in a new window, so that Challo does not ask you in the future.

If you control the website that you want to add to your Challo track, you have to add Challo to a suitable access list, to let your browser to embed the content. This can be done in a number of ways.

X-Frame options

This method is considered deprecated; however it is still common. 

When your browser makes the request of the website, the response it receives may include the X-Frame-Options header.  Your browser may load the iframe content inside Challo if the following URL is included (*.cafex.com):

See: Mozilla—X-Frame-Options

Frame ancestors

When your browser makes a request of the website, the response it receives may include the Content-Security-Policy: frame-ancestors header.  Your browser can load the iframe inside Challo if the following URL is included: (*.cafex.com).

See: Mozilla—Content-Security-Policy