Openframe and CORS (or iFrame and cross-domain issue)

Aka Guglielmo
ServiceNow Employee
ServiceNow Employee

Hi there,

we're struggling with an integration between ServiceNow and a web bar phone.

The CTI guys give us an html URL that contains the JS to be used to interact with the phone infrastructure.

We configured an openframe to load the html inside servicenow, and it seems to work; but the browser is blocking the loading of the content of the frame since it's related to another domain (cross-domain issue or same-origin policy).

CTI guys suggested us to setup a reverse proxy server to resolve the issue.

I would like to have your ideas/experience about this topic.

 

Thanks!

William

2 REPLIES 2

Heraldo Valent1
Kilo Contributor

If you are getting the following error in the browser console:

Incoming message ignored due to origin mismatch.
OpenFrame init failed.. Openframe init request timed out
initFailure @ app.html:20
(anonymous) @ openFrameAPI.min.js:3
setTimeout (async)
(anonymous) @ openFrameAPI.min.js:3
init @ openFrameAPI.min.js:3
init @ openFrameAPI.min.js:3
loadOpenFrame @ app.html:23
onclick @ app.html:28

This is because the origin of the Openframe needs to be "white-listed", and this is achieved by adding such origin in the following system property:

glide.ui.concourse.onmessage_enforce_same_origin_whitelist

For example, if the origin of the Openframe were to be https://localhost:8080/index.html, you should add https://localhost:8080.

Here are the instructions on how to setup system properties: https://docs.servicenow.com/bundle/london-platform-administration/page/administer/reference-pages/ta...

We were also struggling with this issue, and couldn't find any documentation related to it, maybe this answer helps someone else in the future. And it would be really good if such essential configuration is added to the Openframe configuration guide (or at least mentioned!): https://docs.servicenow.com/bundle/madrid-customer-service-management/page/product/customer-service-...

MicahB
Tera Contributor

I am also having this error and cannot get it fixed when adding the origin to the glide.ui.concourse.onmessage_enforce_same_origin_whitelist system property:

 

AMB getClient() tried to access parent from an iFrame. Caught error: SecurityError: Failed to read a named property 'g_ambClient' from 'Window': Blocked a frame with origin "https://devxxxxx.service-now.com" from accessing a cross-origin frame