Navigation button under the Companion Forums Site module in your Tightknit app home.
Enabled Pages
You can configure which pages and routes are enabled on your companion site. When disabled, the routes are not accessible and do not display any data.- Groups list page - enables the Groups list and Group detail pages
- Members list page - enables the Members list page. The Member profile page is not affected by this setting and is always accessible.
- Events list page - enables the Events list and Event detail pages
Navigation Sidebar Custom Links
This feature is currently in beta.
Navigation Items Modal
Navigation Item Types
External Link
An external link is a simple URL that will be opened in a new tab when the navigation item is clicked. The navigation item configuration must follow the format:Name | URL.
For example, the following configuration will create a navigation item with the label “Knowledge Base” that will open the URL “https://example.com” in a new tab when clicked:
Internal Link (Embedded Page)
Internal embeds an advanced feature. In order to allow certain domains within
the iframe for the page to function properly, you may need to configure
certain site security protocols.
Name | URL | slug. When an internal link is configured, the the embedded page is added to the companion site at the URL: https://<your-site>/p/<slug>.
For example, the following configuration will create a navigation item with the label “Terms of Service” that will open the embedded page at the URL: https://<your-site>/p/terms-of-service. This page will contain an embedded iframe with the contents of the URL https://example.com.
Embedded pages are useful for displaying content from external sources within
your companion site. For example, you can embed your community’s calendar or
other content from external sources. For best practices, make sure the
embedded URL is the same domain as the companion site (see Site
Details).
Content Security Policy
The URLs for internal embeds must meet certain criteria before they can be successfully emdedded in an iframe.1
The Target URL Must Allow Itself to be Embedded
First, the target URL must allow itself to be embedded by the companion site’s domain. This accomplished by a combination of the Check with your site administrator to see which security settings are appropriate for your case.
X-Frame-Options header and/or the frame-ancestors directive in the Content-Security-Policy header. For modern browsers, it is recommended to use the Content-Security-Policy and include the companion site domain in frame-ancestors directive.For example, you could configure your third-party site to use the following Content-Security-Policy header to allow it to be embedded within the companion site:2
The Domains Within the Embedded Page Must be Allowlisted
Second, you must register the domain(s) of any resource that could appear within the embedded experience. For example: if you have links to pages that could take the user to another domain, images that are hosted on another domain, etc., these domains must be registered with Tightknit in the Additional Allowed iframe Sources, or else they will fail to load within the iframe.The Additional Allowed iframe Sources will be used in the
frame-src directive of the Content-Security-Policy header on the companion site. The value must be a space-separated list of domains. Tightknit automatically includes 'self' and the domain of the navigation item URL.You may use a wildcard within a domain (e.g. https://*.my-site.com) or by itself * to allow all domains.Using the
* wildcard to allow all domains should be used with caution. This
may lead to security vulnerabilities if not properly configured.