Modifying the Portal Info Attributes in the portaldb.json File

To ensure that customized styles appear properly when using IE or Edge browsers, use the attribute:

"http.x-ua-compatible": "IE=Edge"

To set the primary language for user interface elements displayed by the DivePort application administrative functions, use the attribute:

"locale.default": "xx"

Where xx is the two-character language code defined by the ISO 639 standard. For example, “de” is German.

NOTE: This overrides the ADMIN > Portal Settings > Locale setting.

To change the format of numeric values in the portal (placement of commas and decimals) for a specific language, use the attribute:

"locale.numeric-override": "xx"

Where xx is the two-character language code defined by the ISO 639 standard. For example, “de” is German.

NOTE: This overrides the ADMIN > Portal Settings > Locale setting for numeric characters only.

To remove the MY ACCOUNT option from the title bar, use the attribute:

"disable-my-account-menu": "true"

To remove the LOG OFF option from the title bar, use the attribute:

"disable-logoff-button": "true"

The Share option creates a URL that can be used to link to the current page in the state that it was in when the URL was created. To remove the Share option from the toolbar, use the attribute:

"disable-sharing": "true"

To allow some, but not all users access to DiveTab, use the attribute:

"disable-start-divetab-link": "true"

This disables the MY ACCOUNT > Start DiveTab option and restricts user access to DiveTab at the portal level, but allows access at the portlet level using the DiveTab click action.

To allow some, but not all users access to NetDiver, use the attribute:

"disable-start-netdiver-link": "true"

This disables the MY ACCOUNT > Start NetDiver option and restricts user access to NetDiver at the portal level, but allows access at the portlet level using the NetDiver click action.

To restrict user access to Workbench, use the attribute:

"disable-start-workbench-link": "true"

This disables the MY ACCOUNT > Start Workbench option.

To limit bookmark access to the person that created them, use the attribute:

"disable-shared-bookmarks": "true"

This hides other users' bookmarks and removes the My bookmarks only option in the bookmarks dialog box, and also removes the Make this bookmark public option from the Bookmark this page dialog box.

Available options for indicator portlets and measures portlets depend on your license. By default, Measure Factory license holders do not have the option to use marker files as a data source for these portlets. If you have a Measure Factory license and want to create an indicator portlet or measures portlet in the standard license style, you must create another DivePort instance where you use the attribute:

"ignore-measure-factory-license": "true"

This allows you to have a Measure Factory license on a DiveLine, but still have a DivePort that works with a standard portal.

To include an absolute variance column to a default analysis, use the attribute:

"enable-default-analysis-absolute-difference-column": "true"

This is available when:

• The analysis generates a percent difference column

• The analysis references a single current, previous, or previous year column

• The analysis references two columns that are identical except that one is current and the other is either previous or previous year

To enable additional debug logging capability, use the attribute:

"log.debug-tags": "session-management"

This causes additional items to be included in the DivePort events log, stored in the \DI\Solution\webdata\<DivePort>\logs folder.

TIP: After copying logs for review, turn off the debug info to prevent wasting disk space.

By default, DiveTab does not log usage information. To enable this option, use the attribute:

"di-mobile-logging": "true"

This causes log files to accumulate on the server as they are uploaded from each user device during a Sync. The logs are located on the server in the \DI\Solution\webdata\<divetab>\logs\divetab folder.

TIP: These log files accumulate over time, so a housekeeping process should be used.

To generate a report that provides the amount of time that a dive takes, use the attribute:

"log.debug-tags": "timing"

After you restart DivePort, each time that you perform an action in DivePort, a timing report is written to the JavaScript Console. Press F12 to retrieve the report.

TIP: Clear the cache before each test to be sure to include the time that Spectre takes to generate the data. Also, consider removing other portlets to ensure that the report does not include timing effects that they might cause.

To define the maximum number of rows that can be exported to a pdf file, use the attribute:

"pdf.row-limit": "n" where n is the maximum number of rows allowed. If the portlet has more rows than the specified number, DivePort returns the error Your request would result in <N> rows of data, which is higher than the limit set by the site administrator. Try a smaller query, or contact your administrator for help.

To define the maximum number of rows that can be exported to an xls file, use the attribute:

"xls.row-limit": "n" where n is the maximum number of rows allowed. If the portlet has more rows than the specified number, DivePort returns the error Your request would result in <N> rows of data, which is higher than the limit set by the site administrator. Try a smaller query, or contact your administrator for help.

To define the maximum number of rows that can be exported from a measures portlet to an xlsx file, use the attribute:

"measures-portlet.row-limit": "n" where n is the maximum number of rows that are exported. By default, the maximum number of rows is 100,000. If the measures portlet has more rows than the specified number, DivePort exports only the specified number of rows.

CAUTION: Setting the limit much higher than the default can result in performance issues.

The following attributes are used to specify HTTP security headers:

To force the browser to communicate over secure HTTPS, use the attribute:

"http.strict-transport-security": "max-age=31536000"

DI strongly recommends that you use this default setting.

NOTE: In the event that the HTTP port serves different content than the HTTPS port, the recommended http.strict-transport-security setting results in the browser being redirected to the HTTPS site, making the separate content on the HTTP site inaccessible. In that rare instance, you can override this behavior by setting "http.strict-transport-security": "max-age=0".

To specify the referrer information that is sent with requests, use the attribute:

"http.referrer-policy": "<directive>"

If your business does not require tracking user activity using Referer, DI recommends setting the directive to "same-origin". Otherwise, DI recommends that you use the default directive "strict-origin-when-cross-origin".

To turn off specified browser features when showing DivePort pages, use the attribute:

"http.feature-policy": "fullscreen 'none'; microphone 'none'; camera 'none'; payment 'none'" DI strongly recommends that you use these default settings.

To prevent the browser from loading specific content and to mitigate and report cross-site scripting attacks (XSS attacks), use the attribute:

"http.content-security-policy": "default-src 'self' 'unsafe-inline''unsafe-eval'; img-src 'self' https:" DI recommends that you use this setting.

To test policies for the Content-Security-Policy header, use the attribute:

"http.content-security-policy-report-only": "<directive>" This attribute has no direct effect on security.

To indicate whether or not a browser that supports X-Frame-Options be allowed to render a page:

"http.x-frame-options": "<directive>" If DivePort is meant to be embedded in another web application, use an allow-from directive. Otherwise, DI recommends that you use the "sameorigin" directive.

To prevent the browser from content sniffing, use the attribute:

"http.x-content-type-options": "nosniff"

CAUTION: To protect from DOM-based cross-site scripting (DOM XSS) attacks, this option should be enabled only if the data is known to be safe. Any data entered by a user is not safe.

By default, DivePort removes all JavaScript from HTML data before placing it in the DOM. If the application requires injecting JavaScript into the display, you know that the data is safe, and you want to forgo the sanitation process, use the attribute:

"html-rendering-policy": "allow-javascript"

Setting "html-rendering-policy": "none" renders the data values as plain text. Use this option for applications with data that is not meant to be treated as HTML but contains HTML-like strings.

To define the web map service layer that is used on maps, use the attribute:

"maps.custom-wms-01": "<parameters for OpenLayers.layer.WMS()>"

For more information about web map services see Adding a Map Portlet.

To define the first day of the week for a calendar marker, use the attribute:

"locale.first-day-of-week": "n" where:

• For Sunday, n=0
• For Monday, n=1
• For Tuesday, n=2
• For Wednesday, n=3
• For Thursday, n=4
• For Friday, n=5
• For Saturday, n=6

This allows you to set up English-language portals that display a first day of the week that is not Sunday.

The viewport is the area of a browser window in which web content can be seen. The DivePort default viewport settings are "width=1024, user-scalable=yes". To customize the viewport settings, use the attribute:

"html.viewport": "<setting=value>, <setting=value>, ..."

For example, "html.viewport": "width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"

To enable the click action link fields feature, use the attribute:

"enable-link-fields": "true"

To bypass a Microsoft Internet Explorer restriction on third-party cookies when running in an IFrame and the parent page is from a different domain, use the attribute:

"p3p.header": "policyref=&quot;/ w3c/p3p.xml&quot;, CP=&quot;NON COR ADMa DEVa OUR IND&quot;"

This instructs DivePort to send the specified string as a P3P Platform for Privacy Preferences Project. HTTP header, which allows IE to accept cookies inside the IFrame.

NOTE: Internet Explorer and Edge are the only major browsers that support P3P.