This is an account owner task.
By default, when you start using OpenForms, your forms can be embedded on any website. This can be useful as your organization undertakes a digital transformation and your forms are added to various new sites.
However, once you've completed this process, it's a good idea to restrict forms to only those domains used by your organization. This prevents external sites from embedding your forms, potentially with malicious intent.
To restrict your forms to particular domains,
- Go to Account > Security
- Select Restrict the websites that forms can be embedded on.
- Enter the domains you'd like to whitelist in the field provided.
Entering a URL will whitelist any pages within that domain.
For example, there's no need to whitelist "www.pointrussell.com/library" if you've already entered "www.pointrussell.com".
You can also use asterixes to whitelist domains with multiple prefixes.
For example, "*.pointrussell.com" will whitelist "www.pointrussell.com" as well as "library.pointrussell.com".
- Save your changes.
When you apply this setting, any form that is hosted at a domain that you have not whitelisted will stop working.