Hello,
The are two issues that we are running into:
1.- From profound trying to open an external website into an iframe. The issue is related to "samesite cookies" configuration. does anybody has a good solution for this issue?
2.- From profound trying to call an external API. The issue is related to "CORS policies" (same origin policies).
After some research seems like these two situations can be handle in the HTTP server. Does any body has an example of how to configure the HTTP server to handle one or both situations? or any other solution will help
HTTP server Configuration
-
- New User
- Posts: 2
- Joined: Thu Oct 19, 2017 1:17 pm
- First Name: Derick
- Last Name: Castillo
- Company Name: Brunswick
- Contact:
-
- Experienced User
- Posts: 2711
- Joined: Wed Aug 01, 2012 8:58 am
- First Name: Scott
- Last Name: Klement
- Company Name: Profound Logic
- City: Milwaukee
- State / Province: Wisconsin
Re: HTTP server Configuration
Hello,
For (1), I'm not familiar with the problem. Profound UI uses very few cookies, and I don't think any of them are used at run-time... Why would samesite cookies come into play?
(2) Sounds like you need to change the HTTP server of the "external API", not the one that's hosting Profound UI. To bypass CORS checks, the API would have to add additional headers into the response it sends, or its HTTP server could add these headers. (Or, you could do the more conventional solution and not call the API from JavaScript code in the browser, but instead call it from your server-side code... that's the more conventional way to use APIs)
For (1), I'm not familiar with the problem. Profound UI uses very few cookies, and I don't think any of them are used at run-time... Why would samesite cookies come into play?
(2) Sounds like you need to change the HTTP server of the "external API", not the one that's hosting Profound UI. To bypass CORS checks, the API would have to add additional headers into the response it sends, or its HTTP server could add these headers. (Or, you could do the more conventional solution and not call the API from JavaScript code in the browser, but instead call it from your server-side code... that's the more conventional way to use APIs)
Who is online
Users browsing this forum: No registered users and 5 guests