Placing the addon settings into Shoptet administration

If your addon includes user settings, you can place the settings page directly in Shoptet administration, as an iframe. The link to addon settings will then be displayed directly in the Shoptet administration menu.

Iframe URL integration

General concept:

We provide two ways to integrate the page into the iframe:

Direct URL in the iframe

In this case, browsers treat your page as a third-party page, which is less trusted than the parent page(s). As a consequence, for privacy and security reasons some browsers do not send cookies from other URLs, sometimes not even between multiple calls of the same page. This means your application must run cookie-less. Multiple calls of your page must be secured by means of JWT, Paseto or similar.
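
A minimal sketch of the cookie-less approach described above, as an added example that is not Shoptet's own code: an HS256-signed, short-lived token in JWT format that the addon sends with each later page call instead of relying on a session cookie. The function names, the `eshop` claim, the 15-minute lifetime and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not Shoptet code. Function names, claims and TTL are assumptions.
const TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

// Issue a token once the first page call has been authenticated.
function issue_token(int $eshopId, string $key, int $now): string {
    $header  = b64url_encode(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $payload = b64url_encode(json_encode(['eshop' => $eshopId, 'exp' => $now + TOKEN_TTL]));
    $sig     = b64url_encode(hash_hmac('sha256', "$header.$payload", $key, true));
    return "$header.$payload.$sig";
}

// Returns the e-shop id for a valid token, or null for anything else.
function verify_token(string $token, string $key, int $now): ?int {
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    [$header, $payload, $sig] = $parts;
    // Check the signature first, in constant time, before trusting any field.
    $expected = b64url_encode(hash_hmac('sha256', "$header.$payload", $key, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    // Pin the algorithm instead of honouring whatever the header claims.
    $head = json_decode(b64url_decode($header), true);
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $claims = json_decode(b64url_decode($payload), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] < $now) {
        return null; // malformed or expired
    }
    return is_int($claims['eshop'] ?? null) ? $claims['eshop'] : null;
}

// Constructed demo values; in practice the key is a stored server-side secret.
$key   = random_bytes(32);
$token = issue_token(12345, $key, time());
var_dump(verify_token($token, $key, time()));         // valid token
var_dump(verify_token($token . 'x', $key, time()));   // tampered signature
var_dump(verify_token($token, $key, time() + 3600));  // past its expiry
```

A maintained JWT or Paseto library is the better choice in production; the sketch only shows which checks each page call has to pass.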

Proxy pass

When proxy pass is used, sessions are transferred between multiple page calls (with the exception of PHPSESSIONID, which we remove). There are, however, some limitations regarding sessions, asset files and redirects. In general, you need to take into account that your script is displayed under a different URL than the one at which it is called and processed on your server.

Session & cookies

It is important to change your session cookie configuration and set samesite to NONE. This change fixes an issue with the Chrome browser.

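    // Assumes these options are passed to PHP's session_set_cookie_params().
    'lifetime' => 60 * 60 * 24, // 24 hours; a duration in seconds, not a timestamp
    'path' => '/',
    'domain' => '',
    'secure' => TRUE,     // browsers reject SameSite=None cookies without Secure
    'httponly' => TRUE,   // keeps the session cookie out of reach of JavaScript
    'samesite' => 'NONE', // lets the cookie be sent inside the administration iframe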

Asset files

You need to load all your assets (static files) with an absolute URL. Using https:// is a matter of course. This matters mostly for CSS, JS and image files.

<!-- Wrong -->
<link type="text/css" rel="stylesheet" href="/static/style.css">
<!-- Right -->
<link type="text/css" rel="stylesheet" href="">

<!-- Wrong -->
<script src="/static/main.js"></script>
<!-- Right -->
<script src=""></script>

<!-- Wrong -->
<img src="/img/logo.png" alt="Logo" />
<!-- Right -->
<img src="" alt="Logo" />

You should not redirect to an absolute URL inside your addon. This causes problems because such a redirect means a “step out” of the proxy pass. Because of that “step out”, your addon can lose access to cookies and the session.

// Wrong

// Right
header('Location: step2.php');
header('Location: foo/bar.php');
header('Location: ?page=step2');

Inserting resizing JavaScript into a page

Set up page design

body {

Contents of the page

What the page should contain

What the page should not include

The page serves only to set up the addon itself, directly in the administration of the e-shop. Therefore it is prohibited to use it for other purposes. This means:

Test the page display in administration

TIP: If you want to convert the administration view of an existing addon, it is recommended that you create a test addon with identical settings to test and debug the administration view.