SOLVED

Embed JavaScript by side loading of app

Deleted
Not applicable

Hi,
can someone from the Microsoft team confirm that side loading of Core.EmbedJavaScript is best practice even if side loading in general is not recommended for production. I have a really hard time convincing IT operations to enable this feature temporarily on my SPO Site Collection.

Thanks!
Gitte Dreyer

4 Replies
best response
Solution

I would never call anything as a "best practice", since it depends on some many factors. Core.EmbedJavaScript is PnP scenario sample to show how to use embed JavaScript pattern on the existing sites. Key objective of this sample is to show the APIs on adding userCustomAction with custom JavaScript to your tenant.

 

Sample does use provider hosted add-in/app only for the demo purposes - in real production, I'd never personally implement this as a functionality where you'd need to explicitly go and click a button in app/add-in to make things happen.

 

"ok - so how then?" - Typically these kind of customizations are pushed to site using remote provisioning pattern. You could use PnP PowerShell or even console application to call the needed operation, if you'd like to get the sites modified. This would only require needed permissions to the site, but would not require any app/add-in side loading steps.

 

So in simplicity, you have pretty much following options for automating this

  • Perform the needed customization as part of the your site creation - if you use self-service site creation or admin operations using PnP PowerShell / console application
  • Perform needed customization as a admin operation to existing sites - if you don't have custom site provisioning process for your customers - can be a PowerShell script or console application

So - you do not need to have side-loading enabled for the production sites, since in practice you'd not actually deploy the add-in to the sites, since APIs are exposed using CSOM for accessing them with alternative models.

 

Makes sense?

Thank you and yes indeed. Not sure why I got obsessed with side loading and stopped to think.. From a console application I've just managed what I wanted, which was to add scripts to my site collection. However, I'm excited to dive into the PnP Pwershell cmdlets :)

 

 

@Vesa Juvonen When I access the workbench.aspx page that is loaded into my Dev Tenant, it takes me to the GitHub Page? Works ok locally, when trying to use SP Online though I get that behaviour....Have you seen this?

I saw this behaviour when I accidentally downloaded the entire aspx page. You should right-click Raw and download that file.

Capture.PNG

1 best response

Accepted Solutions
best response
Solution

I would never call anything as a "best practice", since it depends on some many factors. Core.EmbedJavaScript is PnP scenario sample to show how to use embed JavaScript pattern on the existing sites. Key objective of this sample is to show the APIs on adding userCustomAction with custom JavaScript to your tenant.

 

Sample does use provider hosted add-in/app only for the demo purposes - in real production, I'd never personally implement this as a functionality where you'd need to explicitly go and click a button in app/add-in to make things happen.

 

"ok - so how then?" - Typically these kind of customizations are pushed to site using remote provisioning pattern. You could use PnP PowerShell or even console application to call the needed operation, if you'd like to get the sites modified. This would only require needed permissions to the site, but would not require any app/add-in side loading steps.

 

So in simplicity, you have pretty much following options for automating this

  • Perform the needed customization as part of the your site creation - if you use self-service site creation or admin operations using PnP PowerShell / console application
  • Perform needed customization as a admin operation to existing sites - if you don't have custom site provisioning process for your customers - can be a PowerShell script or console application

So - you do not need to have side-loading enabled for the production sites, since in practice you'd not actually deploy the add-in to the sites, since APIs are exposed using CSOM for accessing them with alternative models.

 

Makes sense?

View solution in original post