HTTP server Configuration

Use this board for starting discussions, asking questions, and giving advice on Web programming for the IBM i platform (and predecessors.)
derick_castillo
New User
Posts: 2
Joined: Thu Oct 19, 2017 1:17 pm
First Name: Derick
Last Name: Castillo
Company Name: Brunswick
Contact:

HTTP server Configuration

Post by derick_castillo »

Hello,
The are two issues that we are running into:
1.- From profound trying to open an external website into an iframe. The issue is related to "samesite cookies" configuration. does anybody has a good solution for this issue?
2.- From profound trying to call an external API. The issue is related to "CORS policies" (same origin policies).

After some research seems like these two situations can be handle in the HTTP server. Does any body has an example of how to configure the HTTP server to handle one or both situations? or any other solution will help
Scott Klement
Experienced User
Posts: 2711
Joined: Wed Aug 01, 2012 8:58 am
First Name: Scott
Last Name: Klement
Company Name: Profound Logic
City: Milwaukee
State / Province: Wisconsin

Re: HTTP server Configuration

Post by Scott Klement »

Hello,

For (1), I'm not familiar with the problem. Profound UI uses very few cookies, and I don't think any of them are used at run-time... Why would samesite cookies come into play?

(2) Sounds like you need to change the HTTP server of the "external API", not the one that's hosting Profound UI. To bypass CORS checks, the API would have to add additional headers into the response it sends, or its HTTP server could add these headers. (Or, you could do the more conventional solution and not call the API from JavaScript code in the browser, but instead call it from your server-side code... that's the more conventional way to use APIs)
Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests