Security

Starting from v8.2, Filez Document Platform supports opening online documents via POST requests. This keeps parameters out of the URL query string and is therefore more secure.

To use POST, move the original query parameters into a form body. The token field name is fixed to access_token, then submit the form with a POST request. See the example below:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <style type="text/css">
        body {
            margin: 0;
            padding: 0;
            overflow: hidden;
            -ms-content-zooming: none;
        }

        #office_frame {
            width: 100%;
            height: 100%;
            position: absolute;
            top: 0;
            left: 0;
            right: 0;
            bottom: 0;
            margin: 0;
            border: none;
            display: block;
        }
    </style>
</head>
<body>
    <form style="display: none;" id="office_form" name="office_form" target="office_frame" action=${url} method="post">
        <input name="access_token" value="${access_token}" type="hidden" />
        <input name="optional_custom_param" value="" type="hidden" />
    </form>

    <span id="frameholder"></span>

    <script type="text/javascript">
        var frameholder = document.getElementById('frameholder');
        var office_frame = document.createElement('iframe');
        office_frame.name = 'office_frame';
        office_frame.id = 'office_frame';
        office_frame.title = 'Office Frame';
        office_frame.setAttribute('allowfullscreen', 'true');
        office_frame.setAttribute('allow', 'fullscreen *');
        frameholder.appendChild(office_frame);
        var office_form = document.getElementById('office_form');
        office_form.submit();
    </script>
</body>
</html>