Hi,

I am working through the embedding of Fintoso app as per docs. Currently I am getting below two errors -
1) Refused to apply style from 'http://localhost:3000/ibi_apps/logon/resources/S88_15556327241F/wfelogon.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
2) Refused to display 'http://localhost:3000/ibi_apps/logon/resources/markup/blank.html' in a frame because it set 'X-Frame-Options' to 'deny'.

Pls help. We do not see the configuration for 'X-Frame-Options in the Admin Console anymore. I believe it does not exist anymore.

This message has been edited. Last edited by: FP Mod Chuck,

Pls correct the typo in the heading -
*Enable embedding Fintoso App - CORS Issue

You can edit the title by editing your first post.

Thanks, I updated it. Any suggestions on the errors I am seeing

You can enable the CORS setting in the Admin console.

Launch Administration Console.
Configuration Tab
Application Settings --> Filters

Cross site Scripting Protection --> Choose False from the Drop down.
Also Uncheck
Cross site scripting Protection block.

Save the changes.

CORS should be enabled on both Web focus And the Application where you want to embed the portal.

Initially we were getting CORS errors and updated the setting to enable it.
Now CORS error is gone, and we do see the response HTML, however, the page renders with below errors.
-
Refused to apply style from 'http://localhost:3000/ibi_apps/logon/resources/S88_15556327241F/wfelogon.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
about:blank:1 Refused to display 'http://localhost:3000/ibi_apps/logon/resources/markup/blank.html' in a frame because it set 'X-Frame-Options' to 'deny'.
about:blank:1 Refused to apply style from 'http://localhost:3000/ibi_apps/logon/resources/S88_15556327241F/menuJQ.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

And get below errors, when we put in user ffadv and click sign in
VM2124 about:blank:1 Uncaught ReferenceError: onLogonKeyPress is not defined
at HTMLInputElement.onkeypress (VM2124 about:blank:1)
onkeypress @ VM2124 about:blank:1
about:blank:1 Uncaught ReferenceError: Signin is not defined
at HTMLInputElement.onclick (VM2124 about:blank:1)

It looks like the web application is expecting same origin. Where do you embed the WebFOCUS portal? Is it .net or java application?

This is a javascript application.

Create a html page in your local machine. and use your portal URL in iframe src.

Copy the code below.

 < !DOCTYPE html>
<html>
<body>

<iframe src="https://hostname/ibi_apps/bip/portal/Retail_Samples" style="border:0px #ffffff none;" name="myiFrame" scrolling="no" frameborder="1" marginheight="0px" marginwidth="0px" height="800px" width="1200px" allowfullscreen></iframe>

</body>
</html> 

if it works then the CORS Settings in Webfocus in good. You have to troubleshoot the setting in your java script application .

like add the header request ("Access-Control-Allow-Origin","*") .

This message has been edited. Last edited by: Satheesh Babu,

Hi Sateesh,

So I modified the html with your iframe and I see the URL called is https://hostname/ibi_apps/signin.
Unable to figure out if the error is originating from Webfocus or local machine. I also tried changing chrome extension to allow cross origin as per below-
https://chrome.google.com/webs...dihlkkiljbi?hl=en-US

The error I see is -
Refused to display 'https://hostname/ibi_apps/signin' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I tried adding header in html like below and still see the same error -
< !DOCTYPE html>
< html>
< head>
< meta http-equiv="Access-Control-Allow-Origin" content="*"/>
< /head>


<iframe src="https://hostname/ibi_apps/bip/portal/Retail_Samples" style="border:0px #ffffff none;" name="myiFrame" scrolling="no" frameborder="1" marginheight="0px"
marginwidth="0px" height="800px" width="1200px" allowfullscreen>

This message has been edited. Last edited by: sval,

In the browser access webfocus URL and login. Once the authentication is completed try to run the HTML page.

[QUOTE]Originally posted by sval:
Below is the html page I have, currently this errors with invalid xml for the first POST method. If I change it to html, the page renders with previously mentioned errors.


< !DOCTYPE html>
< html>

< head>
< title>
< meta charset="utf-8" />
< script type="text/javascript" src="http://code.jquery.com/jquery-3.1.0.js">

<script type="text/javascript"
src="https://cdnjs.cloudflare.com/ajax/libs/jquery-ajaxtransport-xdomainrequest/1.0.4/jQuery.XDomainRequest.js">
<script type="text/javascript">
var csrf_name; var csrf_value;
var frameToBeWorkedOn = "#AjaxPlaceHolder";
var contentType = "application/x-www-form-urlencoded; charset=utf-8";

$(document).ready(function (IBIRS_action, IBIRS_userName, IBIRS_password) {
if (window.XDomainRequest)
contentType = "text/plain";
var method = "POST";
var webMethod = "https://hostname/ibi_apps/signin";
var IBIRS_action = "signOn";
var IBIRS_userName = "ffadv";
var IBIRS_password = "";
var parameters = 'IBIRS_action=' + IBIRS_action + '&IBIRS_userName=' + IBIRS_userName + '&IBIRS_password=' + IBIRS_password;

$.ajax({
type: "POST",
url: webMethod,
data: parameters,
dataType: "xml",
xhrFields: { withCredentials: true },
crossDomain: true,
contentType: contentType,
success: xmlParser,
error: function (jqXHR, textStatus, errorThrown) { alert("You can not send Cross Domain AJAX requests: XML " + errorThrown); }
})
});
function xmlParser(xml) {
$(xml).find("entry").each(function () {
if ($(this).attr("key") == "IBI_CSRF_Token_Name") { csrf_name = $(this).attr("value"); }
if ($(this).attr("key") == "IBI_CSRF_Token_Value") { csrf_value = $(this).attr("value"); }
});
runReport();
}

function runReport() {
if (window.XDomainRequest)
contentType = "text/plain";
var method = "POST";
var webMethod = "https://hostname/ibi_apps/portal/Fintoso/Fintoso_Financial";
var IBIRS_action = "signOn";
var IBIRS_userName = "ffadv";
var IBIRS_password = "";

$.ajax({
type: "POST",
url: webMethod,
data: parameters,
dataType: "html",
xhrFields: { withCredentials: true },
crossDomain: true,
contentType: contentType,
complete: function (xhr, status) {
$("AjaxPlaceHolder").html(xhr.responseText);
document.AjaxPlaceHolder.document.body.innerHTML = xhr.responseText;
},

error: function (jqXHR, textStatus, errorThrown) { alert("You can not send Cross Domain AJAX requests: XML " + errorThrown); }
})
}



< body>
< iframe id="AjaxPlaceHolder" name="AjaxPlaceHolder" style="border:0px #ffffff none;" name="myiFrame" scrolling="no"
frameborder="1" marginheight="0px" marginwidth="0px" height="800px" width="1200px" allowfullscreen>


< /html>

I am not sure how do you test this page. Lets try this step by step.
First step is to make sure the CORS is working.
1. Create Test portal in Webfocus
2. Create HTML Page in your desktop using below code.(do not use your page)

Replace the src with your portal url.

 
 < !DOCTYPE html>
<html>
<body>

<iframe src="https://hostname/ibi_apps/bip/portal/Retail_Samples" style="border:0px #ffffff none;" name="myiFrame" scrolling="no" frameborder="1" marginheight="0px" marginwidth="0px" height="800px" width="1200px" allowfullscreen></iframe>

</body>
</html> 
 

3. Open Browser and login to webfocus. The session will be established.
4. Now run the HTML page. If it works then you should be able to embed webfocus. If it is not working then your CORS settings are incorrect in the Web focus. You have to fix it in the admin console filter section.

If the above scenario is successful then you have to use your page to test it.

5. You have to deploy the page in web server (IIS or Tomcat) and run from there.
6. Your signon function URL is wrong . You are using Web focus login form instead of the Web service.

Change
var webMethod = "https://hostname/ibi_apps/signin";

to
var webMethod = "https://hostname/ibi_apps/rs/ibfs";

I ran steps 1-4. And I get below error -
Refused to display 'https://hostname/ibi_apps/portal/Fintoso/Fintoso_Financial' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

We updated the filters and Cross-Origin settings. Is there any other admin setting we might have missed.

It confirms your CORS Settings are incorrect in the Webfocus.

https://ibb.co/k0jhKzJ

Please check your cors settings and compare it with the screenshot.if it is incorrect fix it and save and bounce the webfocus.

We do have the yellow highlighted settings. However, below are different. Not sure if it effects it -
- Cross Site Request Forgery Protection = checked
- Cache Control Header = no-cache, max-age=0
- Expires Header = 0

I would also like to point out that when we paste below URL in browser -
https://hostname/ibi_apps/port...so/Fintoso_Financial

It routes to -
https://hostname/ibi_apps/signin

And after logging in with user/(blank) pwd it routes back to the Fintosio URL

Not sure if that is an issue.

If there is no active user session it will redirect to the sign in page. it is not an issue.
Cross site forgery settings nothing to do with CORS. have you tried restarting the Webfocus client after making the change?
if it still not working you may have to open a ticket with tech support.