ProductApp HubLauncher
Iframe Fallback
Launcher Hub must respect browser security.
Launcher Hub must respect browser security.
If a site blocks embedding through X-Frame-Options or CSP frame-ancestors, Prox OS should not bypass that policy. It should not proxy the site to strip headers, spoof origin, or hide browser restrictions.
Fallback UI
When an external app cannot be embedded, Launcher Hub should show:
- screenshot-like preview card;
- title, description, favicon or visual placeholder, and domain;
- reason:
Blocked by X-Frame-Options or CSP frame-ancestors; - action:
Open in new tab; - action:
Copy URL; - guide:
How to make this site embeddable if you own it.
Owner Guide
If the user owns the site, they can configure a deliberate allowlist for Prox OS through CSP frame-ancestors. This should be explicit and narrow. Prox OS should never encourage broad wildcard iframe policies for sensitive apps.