Question

3
Replies
399
Views
DavidM07 Member since 2015 1 post
Healthfirst
Posted: April 8, 2016
Last activity: April 11, 2016
Closed

Relaxing Same Origin Policy on IAC

We are currently using Pega 7.1.7 in the cloud as well as IAC.  We are integrating Pega into a 3rd party asp.net based application. The application is working however we are getting errors in the JavaScript console related to the same origin policy, which are rightfully valid.

For instance:

XMLHttpRequest cannot load https://someclient.pegacloud.com/prgateway/PRPCGateway. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://secure.somedomain.com' is therefore not allowed access.

pzpega_ui_backbone_1798164053!pzpega_ui_jstree_1188219908!pzpega_ui_designer_tree_bundle_12945517662!!.js:5 Uncaught SecurityError: Blocked a frame with origin "https://someclient.pegacloud.com" from accessing a frame with origin "https://secure.somedomain.com". Protocols, domains, and ports must match.

pzpega_ui_backbone_1798164053!pzpega_ui_jstree_1188219908!pzpega_ui_designer_tree_bundle_12945517662!!.js:5 Uncaught TypeError: Cannot read property 'start' of undefined

We would like to relax the same origin policy on the IAC instance by enabling cross-origin resource sharing (CORS). Specially, adding “https://secure.somedomain.com” to the Access-Control-Allow-Origin header. See:

                http://enable-cors.org/server_tomcat.html

The application itself is working but we do not want these erros and would like the DOMSto be accessible by the iframes. Does Pega have any other clients that are doing this? What does Pega recommend?

Thanks,

User Interface
Moderation Team has archived post
Share this page LinkedIn