A custom filter enables you to embed PTC Arbortext Content Delivery into cross-domain applications. By default, you can embed PTC Arbortext Content Delivery into same-domain applications only. To use cross-domain applications instead, you must add the custom filter entry to the web-orig.xml file located in the directory <HOME>/SW/SW/Applications/Windchill.ear/codebase.war/WEB-INF.

The custom filter must implement a custom ClickjackFilter method. The method must add the X-Frame-Options response header to tell a browser which content must be displayed in a frame. By default, the X-Frame-Options header value is set to SAMEORIGIN. To display PTC Arbortext Content Delivery in a cross-domain application, the custom filter must set the X-Frame-Options header value to ALLOW-FROM <domain_name>, where <domain_name> is the cross-domain application URL. For example, http://thingworx.com.

Consider an example where PTC Arbortext Content Delivery is available in the domain https://www.ptc.com/. To access PTC Arbortext Content Delivery from another domain such as http://thingworx.com , add a custom filter entry to the web-orig.xml file. The custom filter entry must set the X-Frame-Options header value to ALLOW-FROM http://thingworx.com as shown in the following the sample code:

The custom filter implements the ClickjackFilterForThingWorx method. A sample ClickjackFilterForThingWorx method is shown in the following code:

The following image shows PTC Arbortext Content Delivery embedded into the domain http://thingworx.com with the X-Frame-Options header value set to SAMEORIGIN: