HOSTNAME_ALLOWLIST

Additional hostnames to allowlist for WYSIWYG script embeds Examples: www.foo.com, *.foo.com, etc.

Accepted values: array of strings

Context: Global (client/global.config.php)

Unknown javascripts and iframe pages can introduce viruses and malware to unsuspecting site visitors, and you’d get that big red warning page attached to your site if Google finds them before you do. So to protect your site and its visitors, LiveWhale does not allow you to paste any unknown <iframe>s and <script>s into pages or dynamic content like stories and events.

But naturally, there are services and sites that you do trust to supply clean content, so LiveWhale allows you to maintain a list of allowed domains that can be embedded. Once the base URL is added, any user can insert both <iframe>s and <script>s.

To allow a domain, you add a statement to one of your LiveWhale client configuration files. You can allow just a specific domain, or everything from that site/service as shown below.

// an explicit domain
$_LW->CONFIG['HOSTNAME_ALLOWLIST'][]='some.great.domain.tld';

// the star is a wildcard, so any google site/service is fine.
$_LW->CONFIG['HOSTNAME_ALLOWLIST'][]='*.google.com';

Note: This setting used to go by the name HOSTNAME_WHITELIST. The old setting still works for backwards-compatibility.