How to configure your website for compatibility with BluCollr

To use our web integration job posting service, you'll need to allow us to display your corporate job postings on BluCollr as inline frames or iframes. To do so, you'll need to make some adjustments to your website or application's security settings. Here’s a step-by-step guide:

Step 1: Update Content Security Policy (CSP)

If your website uses a Content Security Policy, please add our domain to the frame-ancestors directive. This will allow our site to embed your job postings. The directive should look like this:

Content-Security-Policy: frame-ancestors 'self' https://blucollr.com;

Step 2: Adjust X-Frame-Options Header

Check if your site is using the X-Frame-Options header. Here are the options:

• Deny: Prevents any domain from framing your content.
• SAMEORIGIN: Only allows pages from the same origin to be framed.
• ALLOW-FROM: This is deprecated and not widely supported.

To enable iframes from our site, please consider removing or modifying this header. For example, you can set it to allow our domain.

Example Configuration

Here’s how your IT team can implement these changes:

For Apache Servers:

Header set Content-Security-Policy "frame-ancestors 'self' https://blucollr.com;"
Header unset X-Frame-Options

For Nginx Servers:

add_header Content-Security-Policy "frame-ancestors 'self' https://blucollr.com;";
add_header X-Frame-Options "";

Step 3: Test the Implementation

After making these changes, it's important to test that the job postings can be successfully embedded on our site. Your IT team can use browser developer tools to check the headers and ensure there are no CSP violations.

Step 4: Security Considerations

• Ensure Secure Content: Make sure that the content being embedded does not expose sensitive information.
• Regular Review: It’s advisable to review these settings regularly for security.

If your IT team has any questions or needs further assistance, please contact support@blucollr.com. We’re here to help!