x-frame-options (CORS) issue still persist

[shraddharsh]

Hi @tomolimo , I've been trying to configure processmaker but the CORS issue still persists i.e. opening the iframe in a different domain application (GLPI) than processmaker. Please note that I have done complete configuration of adding the same domain and using the processmaker with the plugin. Please find the screenshots below for your reference.

Processmaker version: 3.2.1 (Community release) Processmaker Plugin version: 3.2.8

Also Note: I have tried using the processmaker of your release but still face this issue.

[shraddharsh]

Is there a way that we can disable this security so as to run it in every domain?

[tomolimo]

Hello

1. There is no way to disable this security: it's managed by the browsers internally.
2. The only PM server you must have with current PM plugin must be the one I provide, otherwise you are going to face compatibility issues.
3. As a consequence of above, please remove the PM server 3.2.1, and reinstall the 3.0.1.8-RE-1.8
4. And then I'll be able to help you

Thank you Regards Tomolimo

[tomolimo]

Hello @shraddharsh,

In order to complete my answer regarding disabling of CORS: In fact we are not exactly in a CORS issue, as CORS is about ajax calls across domains, but here we are facing javascript access of a DOM in an iFrame that are not in the same domain than the main form. In fact this javascript issue could be worked around using a postMessage mechanism. It's planed to go this way, but it needs a lot of developments (and of course of tests), and it will probably be done by end of this year (depending on other mandatory works that will be on my desk in the meanwhile). BUT anyway the current mechanism must work also in your environment. Please re-install 3.0.1.8-RE-1.8, and I will help you to fix your issue (troubleshoot is possible): I may connect to your servers to check that if you want (I did that already for several other PM end-users, and fixeed their troubles).

Thank you, Regards, Tomolimo

[shraddharsh]

Hi @tomolimo , I have been trying to resolve this issue using apache configuration but to no avail. When trying to configure processmaker, I had to run it with a different port other than 80 since on port 80 glpi is configured.

Please find the configuration of processmaker below which I have done immense research and tried. ` <VirtualHost *:80>

DocumentRoot /opt/processmaker-server/workflow/public_html
\#    Alias /processmaker "/opt/processmaker-server/workflow/public_html/"
ServerName shradd.unotech.com
\#    ServerAlias processmaker.shrad.unotech.com
\#    ServerAlias shrad.unotech.com/processmaker
DirectoryIndex index.html index.php

\#    Header append X-Frame-Options ALLOWALL
\#    Header always unset X-Frame-Options
\#    Header always set X-Frame-Options "http://shrad.unotech.com"
\#    Header always set X-Frame-Options "ALLOW-FROM http://shradd.unotech.com/ 

http://shrad.unotech.com"

 <Directory /opt/processmaker-server/workflow/public_html/>

 \#       DocumentRoot /opt/processmaker/workflow/public_html

  Options Indexes FollowSymLinks MultiViews

  \# Options All

   AddDefaultCharset UTF-8
    AllowOverride All
    Require all granted
    ExpiresActive On

    Order allow,deny
    Allow from all

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^.*/(.*)$ glpi/app.php [QSA,L,NC]
    </IfModule>
</Directory>

`

I believe for us to solve this issue we need to be using the same protocol, same domain as well as same port. I have even mentioned the code which I have tried and tested as commented.

[tomolimo]

Hello @shraddharsh

Normally, PM server can be run on a different port than the one of GLPI, but the protocol must be the same and must be HTTP (as currently HTPPS is not yet supported, it will in a near future).

In order to troubleshoot the issue, we need to use the development tools of your browser.

1. please confirm that you are using PM server 3.0.1.8-RE-1.8?
2. remind me also the GLPI version you are using
3. I propose to you to send me your test configuration as a virtual machine, do you think it will be possible for you? so that I can do some debug to help you troubleshooting this issue.

Thank you Regards, Tomolimo

[shraddharsh]

Hi @tomolimo , First of all I'd like to apologise for a late reply, secondly I'm glad that you offered me help.

We tried to do some testing on our other servers and came across this issue and strangely changed some virtual host configurations and the issue was resolved. I believe the configuration of processmaker was not performed as mentioned on the website.

To answer your above points

1. Yes I am using PM server 3.0.1.8-RE-1.8
2. GLPI version 9.2.4
3. using Docker machine 1.8

Thank you, Regards, Shraddharsh.