Page 1 of 1

HTTP server Configuration

Posted: Mon May 11, 2020 7:24 am
by derick_castillo
Hello,
The are two issues that we are running into:
1.- From profound trying to open an external website into an iframe. The issue is related to "samesite cookies" configuration. does anybody has a good solution for this issue?
2.- From profound trying to call an external API. The issue is related to "CORS policies" (same origin policies).

After some research seems like these two situations can be handle in the HTTP server. Does any body has an example of how to configure the HTTP server to handle one or both situations? or any other solution will help

Re: HTTP server Configuration

Posted: Mon May 11, 2020 9:12 am
by Scott Klement
Hello,

For (1), I'm not familiar with the problem. Profound UI uses very few cookies, and I don't think any of them are used at run-time... Why would samesite cookies come into play?

(2) Sounds like you need to change the HTTP server of the "external API", not the one that's hosting Profound UI. To bypass CORS checks, the API would have to add additional headers into the response it sends, or its HTTP server could add these headers. (Or, you could do the more conventional solution and not call the API from JavaScript code in the browser, but instead call it from your server-side code... that's the more conventional way to use APIs)