Experience Extensions FAQs

To separate an extension from Contentstack, we make use of the HTML5 sandbox attribute on the iframe. And, the following sandbox flags are enabled:

• allow-scripts: This flag re-enables an extension to run JavaScript in its own sandbox
• allow-popups: Use this flag to enable your extension to open pop-ups.
• allow-popups-to-escape-sandbox: This flag allows the sandboxed document to open new windows without imposing any sandbox-specific restrictions on them.

Note: For external hosting of extensions, the allow-same-origin option will be enabled, where the origin refers to the domain where you've hosted the extensions. Also, ensure that the response header has the exact origin URL passed in the request header.
For Contentstack-hosted extensions, the iframe's origin will be null as we don't enable the allow-same-origin flag.

Yes, it is mandatory to host your extensions on HTTPS as we do not allow users to reference non-HTTPS URLs (i.e., http://) with the exception of Localhost URLs (http://localhost) which are used for development purposes.

If you plan to serve your extension from localhost, block mixed content protection in Chrome and Firefox.

Since an extension is run in a sandboxed iframe, it receives the origin null. Because of this reason, custom web fonts do not work as expected. In order to overcome this, you need to configure your servers to send the headers: Access-Control-Allow-Origin null or Access-Control-Allow-Origin

Yes, but only of the fields that you create using Contentstack’s UI Extensions. You cannot customize the appearance of Contentstack’s default fields

There are two ways to install Extensions in Contentstack:

• Via Contentstack UI.
• Using Extensions Content Management APIs

• Color picker
• YouTube video selector
• Key-value pair fields
• Product catalog viewer
• Salesforce/Marketo data fetcher

For more experience use cases, read All Contentstack Experience Extensions document.

The possibilities are endless. You can create a custom field and/or integrate the field with third-party apps.

No, there are no validation rules to be followed when choosing extension names. But do try to keep it short because long names can break the layout.

Yes, you can use multiple extensions in a content type. There are no limitations pertaining to using Extension fields. However, for content types, we have a field limitation of 100, which is applicable to Extension fields too.

Yes, there are certain limitations to using extensions. They are as follows:

• Size: The maximum size of an extension is 500 KB
• Title: The title of an extension cannot exceed 256 characters
• Stack limit: At most 50 extensions can be installed in a stack.
• Config file size: The size limit of an extension’s configuration file is 10 KB
• JSON data type size: The maximum size limit of the JSON Data Type is 10 KB
• Browser-support: Internally hosted extensions are not supported on Internet Explorer and Microsoft Edge as they lack support for the <iframe> srcdoc attribute. 

Yes, it is possible to add configuration externally on a stack-level. Refer to our API documentation on configuration from the Extension SDK during runtime.

To understand how this is done, refer to the Create New Custom Field article.

As the extension runs on the browser, a simple console debugger can be used to debug extensions.

If any URL defined in extension.json contains error or is invalid, the extension will not be rendered properly, i.e., it will be broken, and in some cases, it may not show up at all.

If you remove an installed extension, all the content that has been stored using the extension field will remain unaffected until another extension with the same UID but different attributes is used instead of the deleted extension in the content type.

It accepts multiple values if you enable the “Multiple” property while setting up the extension. To enable "Multiple," edit the extension, and check the Multiple checkbox on the extension configuration page.

The supported data types for an Extension field are: Text, Boolean, JSON, Number, and Date. Depending on the data that you want your extension field to consume, you can select any one of the data types.

When you update an extension, it is important to update the content type too (within which the extension is being used) by simply saving the content type once again. This integrates the updated changes in the extension with the content type.

When an extension is deleted, the following things may happen:

• The entry data for the field remains unchanged, unless another extension with the same UID as of the deleted extension but with changed data type or the “Multiple” setting is added.
• The entry data for the field will not be rendered in UI.

Tip: If you need to render the entry data unchanged, you need to add a new extension with the same UID as of the deleted extension, with the same data type and set the “Multiple” option.

No

Theoretically, yes. An extension can affect your content owing to the fact that they have access to all the content that the user running the extension has. It is advisable that users take utmost care while building/using extensions to avoid any kind of data loss.