Chrome blocks sessions request to NX5 using BEARER authetification on web client
AnsweredHi to all,
We have a project which is stuck over this. Please help us out.
THE CASE
- Our web app name is IFA.
- It connects to NX over https to request media.
- After connecting to NX and sending the session request the received cookie is blocked by the Chrome browser because it comes from a different domain.
QUESTION
How can we get over this by receiving the cookie without disableing Chrome's security?.
MORE
We are aware of other less secure authetification methods (URL Based) that could be used for this matter but since this product is intended for the financial sector, security is a most.
Please advise on how to procced.
Thanks in advance,
Miguel Dina
-
Hello Miguel Dina,
could you please elaborate on the following?
What is the build number of the Server?
It connects to NX over https to request media.
Could you please share a code snippet or an URL you're connecting to?
-
Hi there,
Sorry, just now we see your answer. Too bad on our side. Here is the info.Built: 5.0.0.35745
Our product name is IFA.
Server Side:
From the server side IFA request a session. The session delivers a token.
POST https://10.1.10.75:7001/rest/v1/login/sessionsThe token is passed to the Client Side. The client uses the token to request the session cookie from the VMS.
It never gets to assign the cookie because the NX authentification method does not works with the browser security system.Client side
GET https://10.1.10.75:7001/rest/v1/login/sessions/vms-ab7909a962971e122fd6b672175c9dda-rpsf3Bp8ve?setCookie=true
function HttpRequestForNXV5(url) {
var requestOptions = {
method: 'GET',
redirect: 'follow'
};
fetch(url, requestOptions)
.then(response => response.text())
.then(result => console.log(result))
.catch(error => console.log('error', error));
}Thanks very much!
Miguel Dina -
Hello Miguel,
How can we get over this by receiving the cookie without disableing Chrome's security?.
There is no solution for that, but disabling CORS security.
You could create your own web service running on the same or other machine and communicate to it from your web page. The web service would transform your requests to API requests to the Server.
Please sign in to leave a comment.
Comments
3 comments