Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (4)

Resolved IWA Cross Domain Security Issue in Chrome Browser

  1. Issue
0
Votes
Undo
  1. Sang Chul Song
    Sang Chul Song
  2. PowerServer 2020 or older (Obsolete)
  3. Tuesday, 28 September 2021 01:03 AM UTC

Hello

I ran the application using iwa in the Chrome browser.

Chrome has been updated this time.

The issue of Cross Domain occurred as chromium was updated.

If you call 127.0.0.1 when accessing the websocket used by iwa, it is not accessible by Cross Domain security in Chrome.

That's why iwa is not available.

How to Pass parameters to IWA Application to get ...
FileServer of_logonfileserver does not work from ...
Responses (4)
Kai Zhao @Appeon
Kai Zhao @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 6 October 2021 00:26 AM UTC
  2. PowerServer 2020 or older (Obsolete)
  3. # 1

Hi Sang Chul Song,

For PowerServer 2021 and PowerClient, please try CSP policy like below.

<add name="Content-Security-Policy" value="default-src 'unsafe-inline' 'unsafe-eval' 'self' http://127.0.0.1:26568 http://127.0.0.1:26569 cloudapp:;" />

Please make sure it might need to clear browser cache to make the change take effect.


Regards,
ZhaoKai

Comment
There are no comments made yet.
Kai Zhao @Appeon
Kai Zhao @Appeon Accepted Answer Pending Moderation
  1. Thursday, 30 September 2021 05:55 AM UTC
  2. PowerServer 2020 or older (Obsolete)
  3. # 2

Hi Sang Chul Song,

My solution is for PowerServer 2020 IWA applications only. For IWA, do you mean PowerSever 2020 IWA application or PowerServer 2021 Cloud App Launcher?

For PowerSever 2020:
I tested it on IIS and it works. I have no experience with NGINX, please provide the NGINX config to us to reproduce the issue for more study, thanks.

For PowerServer 2021 and PowerClient:
The framework Cloud App Launcher is more complicated, I need more time to figure it out. I will keep you updated on the progress.

Regards,
ZhaoKai

Comment
There are no comments made yet.
Sang Chul Song
Sang Chul Song Accepted Answer Pending Moderation
  1. Wednesday, 29 September 2021 07:38 AM UTC
  2. PowerServer 2020 or older (Obsolete)
  3. # 3

The change was completed as the story said.

WebSever Type   : nginx

 

But it's the same phenomenon.

The same phenomenon occurs with PowerClient.

The test was done with http.

 

PowerClinet is same

 
Comment
There are no comments made yet.
Kai Zhao @Appeon
Kai Zhao @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 29 September 2021 05:57 AM UTC
  2. PowerServer 2020 or older (Obsolete)
  3. # 4

Hi Sang Chul Song,

Thanks for reporting this problem! We reproduced it on our end, please try work around the issue by modifying the CSP policy on the server side, for example:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Content-Security-Policy" value="default-src 'unsafe-inline' 'unsafe-eval' 'self' http://127.0.0.1:26508;" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>


Regards,
ZhaoKai

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.