This article will address the following:
- Whitelist of Domains Overview
- Domain Lists
- Developer Notes
Whitelist of Domains Overview
Summary: A Whitelist of domains is essentially a list of pre-approved programs that are safe and/or necessary for product within LiveTiles to function properly. In our case, we need specific libraries to either pull data or style our sites the way they should.
- For instance, for the Calendar Tile to work in V4, it requires numerous plug-ins which are located in cdnjs.cloudflare.com.
- Page Designer relies on content distribution networks for product assets, performance monitoring and core product functionality.
Below is a list of all domains that need to be Whitelisted or allowed for Page Designer to work:
- cdnjs.cloudflare.com // only for bluebird.core.min.js by oauth token handler
- ltcdn.blob.core.windows.net // might be found in image urls from saved tiles
- ltd.azureedge.net // might be found in image urls from saved tiles
- unpkg.com // for monaco editor (custom code editor)
The following domains are also used for Social Networking Tiles:
The following are Page Designer for Azure-specific:
- westus.livetiles.cloud is the domain for the connection to the enterprise environment.
- us.livetiles.io is the domain for the connection to the teams environment.
- tokens.livetiles.io is the service that handles authenticating the tiles against O365/Azure AD
- login.microsoftonline.com is the service that actually does the login against Azure AD
The following are additional domains for various purposes (Tiles and more):
- widget.intercom.io // for intercom
- api.giphy.com // for Giphy tile
- api.powerbi.com // for Power Bi tile
- lt-exprss.azurewebsites.net // for RSS tile
- soundcloud.com // for SoundCloud tile
Developer Notes (Only Applies to V4)