This is an Account owner task.
By default, when you start using OpenForms, your forms can be embedded on any website. This can be useful as your organization undertakes a digital transformation and your forms are added to various new sites.
However, once you've completed this process, it's a good idea to restrict forms to only those domains used by your organization. This prevents external sites from embedding your forms, potentially with malicious intent.
To restrict your forms to particular domains:
- Go to Account > Security.
- Under Embedding > Restrict embedding, check the box to Restrict domains.
- Add the domains you'd like to whitelist in the Enter the websites that forms can be embedded on field. Enter each URL on a separate line. This field has a maximum of 1000 characters.
Entering a URL will whitelist any pages within that domain.
For example, there's no need to whitelist "www.pointrussell.com/library" if you've already entered "www.pointrussell.com".
You can also use asterixes to whitelist domains with multiple prefixes; asterisks (*) indicate wildcards and are used to include subdomains.
For example, "*.pointrussell.com" will whitelist "www.pointrussell.com" as well as "library.pointrussell.com".
- Select Save changes.
When you apply this setting, any form that is hosted at a domain that you have not whitelisted will stop working.