mirror/formbricks-formbricks
1
0
Fork 0
mirror of https://github.com/formbricks/formbricks.git synced 2026-04-24 06:28:49 -05:00
Code Issues Packages Projects Releases 100 Wiki Activity

feat: domain based access control (#5985)

Browse Source 
Co-authored-by: Piyush Gupta <56182734+gupta-piyush19@users.noreply.github.com>
Co-authored-by: Piyush Gupta <piyushguptaa2z123@gmail.com>
Co-authored-by: Dhruwang <dhruwangjariwala18@gmail.com>
Co-authored-by: pandeymangg <anshuman.pandey9999@gmail.com>
This commit is contained in:
Matti Nannt
2025-06-16 13:37:02 +02:00
committed by GitHub
parent 7f40502c94
commit bebe29815d
99 changed files with 1003 additions and 387 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/self-hosting/configuration/domain-configuration.mdx
+93 -20
View File
@@ -4,13 +4,13 @@ description: "Configuring your domain for Formbricks."
icon: "globe"
---
Formbricks supports both single domain and second domain configurations. This guide will help you set up your domains correctly.
Formbricks supports both single domain and dual domain configurations with Public/Private Domain Split feature. This guide will help you set up your domains correctly for enhanced security and organization.
## Single Domain Setup
For a single domain setup, you need to configure two essential environment variables:
1. `WEBAPP_URL`: The base URL of your Formbricks instance
1. `WEBAPP_URL`: The base URL of your Formbricks instance (serves both admin and public content)
2. `NEXTAUTH_URL`: The authentication URL (should be the same as WEBAPP_URL)
### Example Configuration
@@ -27,36 +27,109 @@ NEXTAUTH_URL=https://formbricks.example.com
- Make sure your domain is properly configured in your DNS settings
- If you're using HTTPS (recommended), ensure you have valid SSL certificates installed
## Second Domain Setup (Survey Domain)
## Public / Private Domain Split
Formbricks allows you to serve surveys from a different domain than your main application. This is useful for:
Formbricks supports a powerful domain separation feature that allows you to serve public content (surveys, public APIs) from a different domain than your private admin interface. This provides enhanced security and better organization. It enables you to:
- Separating your admin interface from public surveys
- Using a dedicated domain for surveys
- Serve public content (surveys, public APIs) from a different domain than your private admin interface
- Restrict admin functionality to the private domain
- Ensure authentication and sensitive operations only occur on the private domain
### Why Use Domain Split?
- **Enhanced Security**: Separate public-facing surveys from your admin interface
- **Better Organization**: Use dedicated domains for different purposes (e.g., `admin.company.com` for management, `surveys.company.com` for public surveys)
### Configuration
To set up a second domain for surveys:
To set up Public/Private Domain Split:
1. Set up DNS records for your survey domain (e.g., `surveys.example.com`)
2. Configure your web server or reverse proxy to route requests from the survey domain to the Formbricks application
3. Set the `SURVEY_URL` environment variable to your survey domain
1. **Private Domain (WEBAPP_URL)**: Your admin/management interface
2. **Public Domain (PUBLIC_URL)**: For surveys and public-facing content
**Important Security Note**: Formbricks handles application-level domain restrictions to ensure each domain
can only access specific resources within the application. However, all domain configuration (DNS, SSL
certificates, reverse proxy setup) and firewall configuration that comes with this feature to enhance
security must be configured by you. Formbricks does not manage your infrastructure-level security settings.
### Example Configuration
```bash
WEBAPP_URL=https://formbricks.example.com
NEXTAUTH_URL=https://formbricks.example.com
SURVEY_URL=https://surveys.example.com
# Private admin domain
WEBAPP_URL=https://admin.formbricks.example.com
NEXTAUTH_URL=https://admin.formbricks.example.com
# Public domain for surveys
PUBLIC_URL=https://surveys.example.com
```
### Important Notes
### How It Works
- The `SURVEY_URL` must be a valid URL with protocol
- When `SURVEY_URL` is set, all public survey links will use this domain.
- If `SURVEY_URL` is not set, surveys will be served from the `WEBAPP_URL` domain
- Make sure your DNS and SSL certificates are properly configured for both domains
- The survey domain should be properly configured in your reverse proxy or web server
- **Important**: The second domain is exclusively for serving surveys. Any non-survey paths accessed on this domain will return a 404 error. This is a security feature to ensure the survey domain only serves survey content.
When PUBLIC_URL is configured:
- **Admin Interface**: All admin/management functions are served from `WEBAPP_URL`
- **Public Surveys**: All survey links and public APIs use `PUBLIC_URL`
- **SDK Integration**: The public domain is used for all client-side SDK connections
- **Email Links**: Survey invitation emails use the public domain
- **Sharing Features**: Survey sharing uses the public domain
### Routes Available on the Public Domain
When PUBLIC_URL is configured, the following routes are automatically served from the public domain:
#### Survey Routes
- `/s/{surveyId}` - Individual survey access
- Embedded survey endpoints
#### API Routes
- `/api/v1/client/{environmentId}/*` - Client API endpoints
#### Storage Routes
- `/storage/{environmentId}/{accessType}/{fileName}` - Public file storage access
#### Health & Monitoring
- `/health` - Health check endpoint
#### Sharing & Embed Routes
- Survey sharing endpoints
- Embed widget routes
- Social sharing endpoints
All other routes are restricted to the private domain (`WEBAPP_URL`) for security purposes. The admin domain can access the health endpoint (/health) and public file storage (`/storage/{environmentId}/{accessType}/{fileName}`), while all other public routes are exclusively accessible on the public domain (`PUBLIC_URL`) and will return a 404 error if accessed from the admin domain.
### App URL SDK Configuration
#### Multi-Domain Setup SDK Configuration
When using PUBLIC_URL (multi-domain setup), all SDK configurations must use the **public domain**:
```js
Formbricks.setup({
environmentId: "your-environment-id",
appUrl: "https://surveys.example.com", // Use PUBLIC_URL domain
});
```
Please refer to the [Framework Guides](/xm-and-surveys/surveys/website-app-surveys/framework-guides) for step-by-step instructions specific to your platform.
### DNS and SSL Configuration
1. **Set up DNS records** for both domains
2. **Configure SSL certificates** for both domains
3. **Update your reverse proxy** (nginx, Apache, Cloudflare, etc.) to route both domains to your Formbricks instance
4. **Firewall rules**: Ensure both domains can reach your Formbricks instance
### Fallback Behavior
If `PUBLIC_URL` is not set:
- All content (admin and public) is served from `WEBAPP_URL`
- The system behaves as a single domain setup
- No domain separation occurs
If you have any questions or require help, feel free to reach out to us on [GitHub Discussions](https://github.com/formbricks/formbricks/discussions).
docs/self-hosting/configuration/environment-variables.mdx
+3 -4
View File
@@ -11,10 +11,11 @@ These variables are present inside your machine's docker-compose file. Restart t
| Variable | Description | Required | Default |
| ---------------------------- | -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------------------------- |
| WEBAPP_URL | Base URL of the site. | required | http://localhost:3000 |
| PUBLIC_URL | Base URL for the public domain where surveys and public-facing content are served. If not set, uses WEBAPP_URL. | optional | WEBAPP_URL |
| NEXTAUTH_URL | Location of the auth server. This should normally be the same as WEBAPP_URL | required | http://localhost:3000 |
| DATABASE_URL | Database URL with credentials. | required | |
| NEXTAUTH_SECRET | Secret for NextAuth, used for session signing and encryption. | required | (Generated by the user, must not exceed 32 bytes, `openssl rand -hex 32`) |
| ENCRYPTION_KEY | Secret used by Formbricks for data encryption and audit log hashing. | required | (Generated by the user, must not exceed 32 bytes, `openssl rand -hex 32`) |
| ENCRYPTION_KEY | Secret used by Formbricks for data encryption and audit log hashing. | required | (Generated by the user, must not exceed 32 bytes, `openssl rand -hex 32`) |
| CRON_SECRET | API Secret for running cron jobs. | required | (Generated by the user, must not exceed 32 bytes, `openssl rand -hex 32`) |
| LOG_LEVEL | Minimum log level (debug, info, warn, error, fatal) | optional | info |
| UPLOADS_DIR | Local directory for storing uploads. | optional | ./uploads |
@@ -53,7 +54,7 @@ These variables are present inside your machine's docker-compose file. Restart t
| STRIPE_SECRET_KEY | Secret key for Stripe integration. | optional | |
| STRIPE_WEBHOOK_SECRET | Webhook secret for Stripe integration. | optional | |
| TELEMETRY_DISABLED | Disables telemetry if set to 1. | optional | |
| DEFAULT_BRAND_COLOR | Default brand color for your app (Can be overwritten from the UI as well). | optional | #64748b |
| DEFAULT_BRAND_COLOR | Default brand color for your app (Can be overwritten from the UI as well). | optional | #64748b |
| DEFAULT_ORGANIZATION_ID | Automatically assign new users to a specific organization when joining | optional | |
| OIDC_DISPLAY_NAME | Display name for Custom OpenID Connect Provider | optional | |
| OIDC_CLIENT_ID | Client ID for Custom OpenID Connect Provider | optional (required if OIDC auth is enabled) | |
@@ -66,7 +67,6 @@ These variables are present inside your machine's docker-compose file. Restart t
| PROMETHEUS_EXPORTER_PORT | Port for Prometheus metrics. | optional | 9090 |
| DOCKER_CRON_ENABLED | Controls whether cron jobs run in the Docker image. Set to 0 to disable (useful for cluster setups). | optional | 1 |
| DEFAULT_TEAM_ID | Default team ID for new users. | optional | |
| SURVEY_URL | Set this to change the domain of the survey. | optional | WEBAPP_URL |
| SENTRY_DSN | Set this to track errors and monitor performance in Sentry. | optional | |
| SENTRY_AUTH_TOKEN | Set this if you want to make errors more readable in Sentry. | optional | |
| SESSION_MAX_AGE | Configure the maximum age for the session in seconds. | optional | 86400 (24 hours) |
@@ -76,5 +76,4 @@ These variables are present inside your machine's docker-compose file. Restart t
| AUDIT_LOG_ENABLED | Set this to 1 to enable audit logging. Requires Redis to be configured with the REDIS_URL env variable. | optional | 0 |
| AUDIT_LOG_GET_USER_IP | Set to 1 to include user IP addresses in audit logs from request headers | optional | 0 |
Note: If you want to configure something that is not possible via above, please open an issue on our GitHub repo here or reach out to us on Github Discussions and we'll try our best to work out a solution with you.
docs/xm-and-surveys/surveys/general-features/multi-language-surveys.mdx
+5 -5
View File
@@ -4,7 +4,9 @@ description: "Create surveys that support multiple languages using translations.
icon: "language"
---
<Note>Multi-language surveys are part of the Formbricks [Enterprise Edition](/self-hosting/advanced/license)</Note>
<Note>
Multi-language surveys are part of the Formbricks [Enterprise Edition](/self-hosting/advanced/license)
</Note>
How to deliver a specific language depends on the survey type (app or link survey):
@@ -70,10 +72,10 @@ You can come back to this page anytime to add more languages or remove existing
1. After you setup the Formbricks SDK for your user, you can call the `setLanguage` function with the language code. This can be either the ISO identifier or the Alias you set when creating the language. The `language` attribute makes sure that this user only sees surveys with a translation in this specific language available.
```js javascript
```js
Formbricks.setup({
environmentId: "<environment-id>",
appUrl: "<app-url>",
appUrl: "<app-url>", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
});
Formbricks.setLanguage("de"); // ISO identifier or Alias set when creating language
@@ -131,8 +133,6 @@ No additional configuration is needed to enable RTL support. Simply:
![RTL Language Support](/images/xm-and-surveys/surveys/general-features/multi-language-surveys/rtl-support.webp)
---
**Need help?** [Reach out in Github Discussions](https://github.com/formbricks/formbricks/discussions)
docs/xm-and-surveys/surveys/website-app-surveys/framework-guides.mdx
+37 -25
View File
@@ -6,6 +6,15 @@ icon: "book"
Integrate the **Formbricks App Survey SDK** into your app using multiple options. Explore the available choices below. If you need something else, open a [**GitHub Discussion**](https://github.com/formbricks/formbricks/discussions), and well be happy to help!
<Info>
**Important for Self-Hosted Setups:**
**Multi-Domain Setup:** If you are using the multi-domain setup, the `appUrl` parameter in all SDK configurations should point to your **public domain** (PUBLIC_URL environment variable). This is the domain where surveys and public-facing content are served, which may be different from your admin interface domain (WEBAPP_URL).
**Single Domain Setup:** If you are using the single domain setup, the `appUrl` parameter in all SDK configurations should point to your **admin domain** (WEBAPP_URL environment variable).
</Info>
<CardGroup cols={2}>
<Card title="HTML" icon="html5" color="orange" href="#html">
[All you need to do is add three lines of code to your HTML script, and that's it!](https://formbricks.com/docs/app-surveys/framework-guides#html)
@@ -25,17 +34,20 @@ Integrate the **Formbricks App Survey SDK** into your app using multiple options
Learn how to use Formbricks' React Native SDK to integrate your surveys into React Native applications.
</Card>
<Card title="React Native" icon="react" color="lightblue" href="#react-native">
[Easily integrate our SDK with your React Native app for seamless survey support.](https://formbricks.com/docs/app-surveys/framework-guides#react-native)
</Card>
<Card title="React Native" icon="react" color="lightblue" href="#react-native">
[Easily integrate our SDK with your React Native app for seamless survey
support.](https://formbricks.com/docs/app-surveys/framework-guides#react-native)
</Card>
<Card title="Swift" icon="swift" color="orange" href="#swift">
[Use our iOS SDK to quickly integrate surveys into your iOS applications.](https://formbricks.com/docs/app-surveys/framework-guides#swift)
</Card>
<Card title="Swift" icon="swift" color="orange" href="#swift">
[Use our iOS SDK to quickly integrate surveys into your iOS
applications.](https://formbricks.com/docs/app-surveys/framework-guides#swift)
</Card>
<Card title="Android" icon="android" color="green" href="#android">
[Integrate surveys into your Android applications using our native Kotlin SDK.](https://formbricks.com/docs/app-surveys/framework-guides#android)
</Card>
<Card title="Android" icon="android" color="green" href="#android">
[Integrate surveys into your Android applications using our native Kotlin
SDK.](https://formbricks.com/docs/app-surveys/framework-guides#android)
</Card>
</CardGroup>
@@ -49,15 +61,15 @@ Before getting started, make sure you have:
## HTML
All you need to do is copy a `<script>` tag to your HTML head:
All you need to do is copy a `<script>` tag to your HTML head:
```javascript
<!-- START Formbricks Surveys -->
<script type="text/javascript">
!function(){
var appUrl = "https://app.formbricks.com";
var appUrl = "https://app.formbricks.com"; // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
var environmentId = "<your-environment-id>";
var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.setup({environmentId: environmentId, appUrl: appUrl})},500)}();
var t=document.createElement("script");t.type="text/javascript",t.async=!0,t.src=appUrl+"/js/formbricks.umd.cjs";var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e),setTimeout(function(){window.formbricks.setup({environmentId: environmentId, appUrl: appUrl})},500)}();
</script>
<!-- END Formbricks Surveys -->
```
@@ -97,7 +109,7 @@ import formbricks from "@formbricks/js";
if (typeof window !== "undefined") {
formbricks.setup({
environmentId: "<environment-id>",
appUrl: "<app-url>",
appUrl: "<app-url>", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
});
}
@@ -155,7 +167,7 @@ export default function FormbricksProvider() {
useEffect(() => {
formbricks.setup({
environmentId: "<environment-id>",
appUrl: "<app-url>",
appUrl: "<app-url>", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
});
}, []);
@@ -199,7 +211,7 @@ import formbricks from "@formbricks/js";
if (typeof window !== "undefined") {
formbricks.setup({
environmentId: "<environment-id>",
appUrl: "<app-url>",
appUrl: "<app-url>", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
});
}
@@ -232,7 +244,7 @@ Next, go to the [**Validate Your Setup**](#validate-your-setup) section to verif
## Vue.js
Integrating the Formbricks SDK with Vue.js is easy. Well ensure the SDK is only loaded and used on the client side, as its not meant for server-side use.
Integrating the Formbricks SDK with Vue.js is easy. We'll ensure the SDK is only loaded and used on the client side, as it's not meant for server-side use.
```bash npm
npm install @formbricks/js
@@ -252,7 +264,7 @@ import formbricks from "@formbricks/js";
if (typeof window !== "undefined") {
formbricks.setup({
environmentId: "<environment-id>",
appUrl: "<app-url>",
appUrl: "<app-url>", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
});
}
@@ -309,7 +321,7 @@ import Formbricks from "@formbricks/react-native";
const config = {
environmentId: "<environment-id>",
appUrl: "<app-url>",
appUrl: "<app-url>", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
};
export default function App() {
@@ -372,7 +384,7 @@ import FormbricksSDK
// 1. Build your config (you can also inject userId + attributes here)
let config = FormbricksConfig.Builder(
appUrl: "https://yourapp.bricks.com",
appUrl: "https://yourapp.bricks.com", // use PUBLIC_URL if you are using multi-domain setup, otherwise use WEBAPP_URL
environmentId: "YOUR_ENV_ID"
)
.setLogLevel(.debug)
@@ -413,7 +425,6 @@ Formbricks.cleanup(waitForOperations: true) {
| environment-id | string | Formbricks Environment ID. |
| app-url | string | URL of the hosted Formbricks instance. |
Now, visit the [Validate Your Setup](#validate-your-setup) section to verify your setup!
## Android
@@ -486,7 +497,7 @@ Formbricks.logout()
## Validate your setup
Once youve completed the steps above, validate your setup by checking the Setup Checklist in the Settings. The widget status indicator should change from this:
Once you've completed the steps above, validate your setup by checking the Setup Checklist in the Settings. The widget status indicator should change from this:
![first validate](https://res.cloudinary.com/dwdb9tvii/image/upload/v1738122589/image_ecaovs.jpg)
To this:
@@ -496,18 +507,19 @@ To this:
## Debugging Formbricks Integration
<Note>
The debug mode is only available in the JavaScript SDK and works exclusively in the browser. It is not supported in mobile SDKs such as React Native, iOS, or Android.
The debug mode is only available in the JavaScript SDK and works exclusively in the browser. It is not
supported in mobile SDKs such as React Native, iOS, or Android.
</Note>
Enabling debug mode in your browser can help troubleshoot issues with Formbricks. Heres how to activate it and what to look for in the logs.
Enabling debug mode in your browser can help troubleshoot issues with Formbricks. Here's how to activate it and what to look for in the logs.
### Activate Debug Mode
To enable debug mode, add `?formbricksDebug=true` to your apps URL (e.g., [`https://example.com?formbricksDebug=true)`](<https://example.com?formbricksDebug=true)>).&#x20;
To enable debug mode, add `?formbricksDebug=true` to your app's URL (e.g., [`https://example.com?formbricksDebug=true)`](<https://example.com?formbricksDebug=true)>).&#x20;
#### View Debug Logs
1. Open your browsers developer tools:
1. Open your browser's developer tools:
- **Google Chrome/Edge**: Press `F12` or right-click and select "**Inspect" > "Console**".