Openframe and CORS (or iFrame and cross-domain issue)

Aka Guglielmo
ServiceNow Employee
ServiceNow Employee

‎06-08-2018 08:46 AM

Hi there,

we're struggling with an integration between ServiceNow and a web bar phone.

The CTI guys give us an html URL that contains the JS to be used to interact with the phone infrastructure.

We configured an openframe to load the html inside servicenow, and it seems to work; but the browser is blocking the loading of the content of the frame since it's related to another domain (cross-domain issue or same-origin policy).

CTI guys suggested us to setup a reverse proxy server to resolve the issue.

I would like to have your ideas/experience about this topic.

 

Thanks!

William

Labels:
0 Helpfuls
  • 2,883 Views
3 REPLIES 3

Heraldo Valent1
Kilo Contributor

‎07-26-2019 12:35 PM

If you are getting the following error in the browser console:

Incoming message ignored due to origin mismatch.
OpenFrame init failed.. Openframe init request timed out
initFailure @ app.html:20
(anonymous) @ openFrameAPI.min.js:3
setTimeout (async)
(anonymous) @ openFrameAPI.min.js:3
init @ openFrameAPI.min.js:3
init @ openFrameAPI.min.js:3
loadOpenFrame @ app.html:23
onclick @ app.html:28

This is because the origin of the Openframe needs to be "white-listed", and this is achieved by adding such origin in the following system property:

glide.ui.concourse.onmessage_enforce_same_origin_whitelist

For example, if the origin of the Openframe were to be https://localhost:8080/index.html, you should add https://localhost:8080.

Here are the instructions on how to setup system properties: https://docs.servicenow.com/bundle/london-platform-administration/page/administer/reference-pages/ta...

We were also struggling with this issue, and couldn't find any documentation related to it, maybe this answer helps someone else in the future. And it would be really good if such essential configuration is added to the Openframe configuration guide (or at least mentioned!): https://docs.servicenow.com/bundle/madrid-customer-service-management/page/product/customer-service-...

MicahB
Tera Contributor

‎03-11-2024 06:05 AM

I am also having this error and cannot get it fixed when adding the origin to the glide.ui.concourse.onmessage_enforce_same_origin_whitelist system property:

 

AMB getClient() tried to access parent from an iFrame. Caught error: SecurityError: Failed to read a named property 'g_ambClient' from 'Window': Blocked a frame with origin "https://devxxxxx.service-now.com" from accessing a cross-origin frame

0 Helpfuls

MarcosGarcia
Tera Contributor
In response to MicahB

2 weeks ago

Hy MicahB I'm having the same issue. Do you fix that?

 

0 Helpfuls