Integration Guide - 2langnic/GlobaLeaks GitHub Wiki

It is possible to integrate GlobaLeaks within third party websites, hosting it centrally on a main site and integrating in many other sites.

Distributed organizations can take advantage of such integration to facilitate/empower all of the network partners.

GlobaLeaks does provide two "embeddable" interface that are:

  • Submission Interface (to make a new submission): /#/embedded/submission
  • Receipt page (to get back on an existing submission): /#/embedded/receipt

Integration architecture

Those interface MUST be integrated over HTTPS into websites with architecture that works as follow:

Source --HTTPS--> PublicWebsite --HTTPS--> Tor2web --Tor--> GlobaLeaks

The Public Website shall be running Apache2 under HTTPS and must proxy to Tor2web following the guidelines described at https://github.com/globaleaks/GlobaLeaks/issues/1128 (that will be better refined/simplified after implemeting https://github.com/globaleaks/GlobaLeaks/issues/1130) .

Integration can be done by using iframe like the following example where the reverse-proxy is on /leaks/ resource:

Submission

<iframe width="100%" height="100%" frameborder="0" src="https://PublicWebsite/leaks/#/embedded/submission?lang=en">
</iframe>

Receipt

<iframe width="100%" height="100%" frameborder="0" src="https://PublicWebsite/leaks/#/embedded/receipt?lang=en"></iframe>

The embedded resources being integrated does not load neither the Header neither the Footer of GlobaLeaks, giving to the web designer the full control over the integration.

When a resource is being embedded there will be no automatic Tor redirection by Tor2web.

GlobaLeaks Parameters

There are several parameters that the web developer can use to integrate GlobaLeaks and change it's behaviours:

Language Selection

You can pre-select the language to be used with parameter such as ?lang=langcode (ie: ?lang=en for english)

Context Selection

You can pre-select the Context to display into the embedded form with parameters such as ?context=ContectUUID (ie: ?context=06cb60d2-13a4-4aa3-926f-85b64f12239d) You can get the ContextUUID in the Web Admin interface as UUID, under the Context editing section.

Receivers Selection

You can make some receiver to be pre-selected on the submission interface by using parameters such as ?receivers=[Receiver1UUID,Receiver2UUID] (ie: ?receivers=[06cb60d2-13a4-4aa3-926f-85b64f12239d,03cb60d2-13a4-43a3-926f-85b64f12232z]) You can read the ReceiverUID in the Web Admin interface as UUID, under the Receiver editing section.

Enable/Disabling Context Selection

If you wish to avoid the context-select drop-down, displaying submission interface only on for a given context (ie: a given media or a given topic of a shared submission platform) you can use the parameter contexts_selectable=false .

Example parameters

You can concatenate multiple parameters like for example: https://PublicWebsite/leaks/#/embedded/submission?lang=en&context=06cb60d2-13a4-4aa3-926f-85b64f12239d&contexts_selectable=false&receivers=[06cb60d2-13a4-4aa3-926f-85b64f12239d,03cb60d2-13a4-43a3-926f-85b64f12232z]

Tor2web settings

On the Tor2web settings those are the relevant stuff to make it working:

# Enable loading of images from iframe (usually disable for public tor2web servers)
**blockhotlinking = False**

# Redirection will be managed only by GlobaLeaks in the GLClient, otherwise Mixed-Content error will happens
**disable_tor_redirection = True**
  • Embedding GlobaLeaks as a Widget into an existing web page

Ⓚ 2011-2015, Hermes Center for Transparency and Digital Human Rights. All rights reversed.

⚠️ **GitHub.com Fallback** ⚠️