The Visibility setting determines who can see and use a form, and whether other users can access your forms. You can set this property on the Forms and Workflows Home Page by clicking on the Action Menu for the form/workflow and selecting Security. Fill out the Access Control screen. You can also display the Access Control wizard by clicking the Access Control tab on the Form/Workflow Designer properties panel or wizard.
When you select Share from the Action Menu to share your form, you will see a Share Form page with share options at the right. Three options (Embedded Form, Full Page/Pop Up and Just the iframe) are different ways to let users submit the form from your website without having to navigate elsewhere. These options have associated code on the left which can be cut and pasted into your website. Specific instructions for the code also are provided.
Be sure to select Share from the Action Menu to share your form/workflow or add it to a web page. Do not use the browser URL you see when you're running or testing a form — this URL represents an ''instance'' of the form, not the actual form itself.
When you run or test a form, you'll notice that the browser URL includes a -extID parameter (for example, .../popupform?embed=true_extId=0.5427066243050674). This means that it's an in-memory instance of the form. You can use the _extID parameter yourself if you want to collaborate with others on an instance of a form. See the _extID topic for more information.
The two Link options give you a link to the form/workflow. You can send the link in an email or publish it on your web page.
Each option is discussed below. Remember to make your form public or users won’t be able to access the form no matter which method of sharing you choose.
Keep in mind that if you have shared your form via one of the link options and subsequently marked your form private, users will see an error message: "Access denied. Are you trying to access a private form/workflow?"
resources, Projects, Forms, Workflows, Spaces and more are referenced with opaque URLs. Use of opaque URLs eliminates security issues that may have been present with URLs that exposed a designer user's id. Opaque URLs replace the user id (…/user/user.id/…) that was used in the previous format with a universally unique identifier (uuid) …/u/user.uuid/… The uuid, is a randomly generated value that is stored in .
The Opaque URL feature provides:
An example of the opaque URL for a space named mycompany is shown below:
OLD SPACE URL: http(s)://<server>:<port>/frevvo/web/tn/mycompany/user/designer/space/mycompany NEW SPACE URL: http(s)://<server:port>/frevvo/web/tn/mycompany/u/8aa27da6-4bef-427c-92e3-6ad8d58e506a/space/mycompany
The opaque URL can be used to determine the designer account where a form/workflow is located. This "lookup" feature resolves the uuid to a user's id and can be very helpful when troubleshooting. The "lookup" feature is only available to tenant admins, users with the designer/publisher role or the designer/owner of the form/workflow.
The "lookup" feature works with:
In all cases, follow these steps:
A user receives an email that includes an opaque URL to a form/workflow as shown below. The user reports an issue with the form/workflow and requests that the designer investigate. The designer must locate the account where the form/workflow is located.
Paste the opaque URL into your browser. Remove popupform from the URL and replace it with lookup after the slash.
Press the Enter key. Login to the tenant (determined by the tenant name after the /tn in the URL) as an admin, designer or publisher user if presented with the login screen.
The following information about the form/workflow display in the browser:
Tenant: mycompany User: designer Project: HR Form: Invoice
A designer must make changes to a form/workflow in their company space at the request of a co-worker. The requesting employee logs into the company space, selects the form/workflow from the menu and copies the form/workflow instance URL from the browser. An opaque URL such as the one shown below is emailed to the designer. The designer can't remember what user, app, form/workflow name that opaque url maps to and uses the lookup feature to find the form/workflow they need to fix/enhance.
Paste the opaque URL into your browser. Remove everything after the uuid. Replace it with lookup after the slash. Press the Enter key. Login to the tenant (determined by the tenant name after the /tn in the URL) as an admin, designer or publisher user if presented with the login screen.
The uuid is converted to the user id of the designer who owns the space.
Login to the tenant as the specified user and edit the space menu to get the raw form/workflow link. Remove everything after the formtype, flowtype, value in the opaque Raw Form/Workflow link. In the example shown, you would remove all characters starting with the question mark .
Add /lookup to get the project and form/workflow name.
The workflow named Example 3 - PO for Sales Review is located in the tenant mycompany, in the designer user account, in the project Purchase Order Completed.
If you are using a tenant configured for a container security manager and you want to allow anonymous access to your forms/workflows, you must manually add "public" to the link to make forms/workflows accessible to users who are not logged in. You must do this if you are using any of the URL types in the Share dialog for forms and workflows, using a Space or embedding forms/workflows in your website. The public URL allows the tenant to be secured while public forms can be accessed anonymously, ex: a job application on an external website.
Here is an example of a public url used to access a form in a container security managed tenant. The form/workflow visibility is set to public via the Access Control feature. Anonymous users will be able to access the form as the servlet container will ALLOW access to the frevvo.war and ' access control will ALLOW access to the form. Close/open your browser or copy/paste the public url into another browser when testing.
You will not see the public url listed in the Share light box.
If you are using a tenant configured for a container security manager and you want to allow anonymous access to your forms/workflows from your website, you must create a public URL.
When you create a new form, by default it has Access Control marked as Anyone (no login required), meaning anyone that is given the form's URL via any of the form's share choices, has access to use and submit the form. You may change it to Designer/Owner Only, so that the only person who can use the form via any of the form's share choices, is the person logged into this account. Once you are ready to let others use your form you can again mark the form as Anyone (no login required).
It is important to note that while a logged in user is completing a form, the data from their session URL is visible to any session from the same user@tenant. For example, the user may copy and paste the session URL into a new browser tab where they are still logged in, which would load with the form data.
can easily be added into your existing web site. The option above in the Share section explains the code you need to copy into your web page and the different ways that the forms can be added to your site.
Security enhancements in now require embedded forms and workflows to be used in https-supported sites. Cloud customers with forms/workflows embedded in http-only supported sites will see a blank page or an error message when attempting to access the resource. To resolve this, use an https-supported outer site to embed the form/workflow. Please note that this may also require a browser or OS upgrade; for example, iOS 13/macOS 10.15 are the minimum iOS/macOS versions that supports the frevvo Cloud sameSiteCookies=none attribute.
Recent Safari updates have enhanced security features that prevent embedded content third party sites from loading inside another domain. These features help prevent sites from monitoring user's browsing activity, but they also impact frevvo forms embedded on your website when accessed via Safari browsers (and any other browser with similar security features.)
When users attempt to access your embedded form in Safari they will see a message prompting them to request access.
They click Request Access, and see a popup window that can be closed.
Return to the page with the embedded form. The message has now changed to prompt the user to Load Content.
The user clicks Load Content, and may see a pop-up authorization from the browser. Click Allow in the browser pop-up, and the form will load.
If your web server and form server are in the same domain (in-house likely scenario), you are able to embed as many forms into each of your .html web pages as you wish. In order to do this you must give each form a unique id. So if you copy the Share code into the web page a 2nd time, you must edit id to make them different from the 1st copy/paste. Id can be any string as long as it is unique.
If you experience problems with your web page not resizing correctly to accommodate multiple embedded forms, try setting the height of the form manually. Open the form in the Forms Designer, click the Style tab in the Properties panel, and and type a value in pixels (for example, ''720px'', ''900px'', etc.) in the Height field to set the form height.
Currently does not support the ability to embed multiple forms in a single .html web page iin a cross domain configuration. This is the SaaS scenario, where the is hosted on app.frevvo.com and your web site is on another domain. In this scenario you currently can only embed a single form into each of your .html web pages.
For this version, embedding the task list successfully into an HTML page requires setting its width. See URL Parameters for more details.
By default, forms will display inside your web page in a frame. On mobile only, you can use the showLink URL parameter to display the form as a clickable link or thumbnail instead. The web master can customize the share link using the URL parameters described below.
If the iframe is not properly sized to the viewport on your mobile device, add the following meta tag between the <head> elements in the HTML.
<head> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1"> </head>
Here is an example of HTML with the meta tag and embedded script:
Another option is to leave the form in the frame. If no URL parameter is specified, the form will automatically resize based on the device it is viewed on. If the web designer wants the form to always be full-width, they can specify _device=desktop in the share embed URL. The web site designer might have a mobile web site where tablet and phone users would access the forms where the share URL would leave off the "_device=" parameter. www.frevvo.com is an example of forms embedded into a website that look great on all devices.
Data loss is possible if users filling in a lot of data in a long forms/workflows close the browser ot tab without saving or submitting. If the Unsaved Changes Warning feature is configured, users will be warned of this situation before the data loss. This applies to use-mode forms and workflows only, not edit mode. The warning only shows if there have been changes made to the form/workflow. If there are no changes, then no warning is displayed. If the form/workflow is Saved or the Save on Navigate feature is configured for a workflow, then changes are saved and the warning is not produced on any attempt to close the browser.
The unsaved changes warning feature is not supported on iOS Safari and only partially supported on Chrome Android. You may notice some inconsistencies with workflows. Refer to the Unsaved Changes topic for the details.
This feature is not configured in the frevvo Cloud. In-house customers can turn on the Unsaved Changes Warning feature with the frevvo.unsaved.warning property.
The warning behavior message is browser specific. The messages for Firefox, Chrome and Microsoft Edge are shown below:
Certain browsers (chrome and firefox, but not IE11 and Edge) will not show the Unsaved Data message on closing the browser window/tab if the user does not click on something.
The Unsaved Changes feature may not work reliably with workflows in the following scenarios:
The Unsaved Data Warning will appear when performing a task from the Task List. For example,if you change some data and then click the Inbox icon
To turn off the unsaved warning feature for a particular form/workflow instance, add the _unsavedWarning=true/false URL parameter to the Share URL. Remember to add the ? at the end of the URL if this is the first URL parameter you are adding and the & at the end of the URL if there are other URL parameters already appended to the URL.
Designers may want to do this when developing/testing forms/workflow.
See URL Parameters for more information.
In-house customers can turn on the Unsaved Data feature by adding the the frevvo.unsaved.warning property to the frevvo-config.properties file. Appending the _unsavedWarning URL parameter to a form/workflow overrides the value set in this configuration property.