Chrome blocks sessions request to NX5 using BEARER authetification on web client

Answered

Comments

3 comments

  • Avatar
    Andrey Terentyev

    Hello Miguel Dina,

    could you please elaborate on the following?

    What is the build number of the Server?

    It connects to NX over https to request media.

    Could you please share a code snippet or an URL you're connecting to?

    0
    Comment actions Permalink
  • Avatar
    Miguel Dina

    Hi there,

    Sorry, just now we see your answer. Too bad on our side. Here is the info.

    Built: 5.0.0.35745

    Our product name is IFA.

    Server Side:

    From the server side IFA request a session. The session delivers a token.
    POST https://10.1.10.75:7001/rest/v1/login/sessions 

    The token is passed to the Client Side. The client uses the token to request the session cookie from the VMS.
    It never gets to assign the cookie because the NX authentification method does not works with the browser security system.

    Client side 
    GET https://10.1.10.75:7001/rest/v1/login/sessions/vms-ab7909a962971e122fd6b672175c9dda-rpsf3Bp8ve?setCookie=true 
     
    function HttpRequestForNXV5(url) { 
        var requestOptions = { 
            method: 'GET', 
            redirect: 'follow' 
        }; 
     
        fetch(url, requestOptions) 
            .then(response => response.text()) 
            .then(result => console.log(result)) 
            .catch(error => console.log('error', error)); 
    }

    Thanks very much!
    Miguel Dina

    0
    Comment actions Permalink
  • Avatar
    Andrey Terentyev

    Hello Miguel,

    How can we get over this by receiving the cookie without disableing Chrome's security?.

    There is no solution for that, but disabling CORS security.

    You could create your own web service running on the same or other machine and communicate to it from your web page. The web service would transform your requests to API requests to the Server.

    0
    Comment actions Permalink

Please sign in to leave a comment.