Is the Nx Cloud up? Visit our Status Page for the current health and performance of the Nx Cloud.

Status Page

Chrome blocks sessions request to NX5 using BEARER authetification on web client

Answered
Miguel Dina

Hi to all,

We have a project which is stuck over this. Please help us out.

THE CASE

  • Our web app name is IFA.
  • It connects to NX over https to request media.
  • After connecting to NX and sending the session request the received cookie is blocked by the Chrome browser because it comes from a different domain.

 

QUESTION

How can we get over this by receiving the cookie without disableing Chrome's security?.

 

MORE

We are aware of other less secure authetification methods (URL Based) that could be used for this matter but since this product is intended for the financial sector, security is a most.

 

Please advise on how to procced.

Thanks in advance,
Miguel Dina

0

Comments

3 comments

Date Votes
  • Andrey Terentyev
    • Network Optix team

    Hello Miguel Dina,

    could you please elaborate on the following?

    What is the build number of the Server?

    It connects to NX over https to request media.

    Could you please share a code snippet or an URL you're connecting to?

    0
  • Miguel Dina

    Hi there,

    Sorry, just now we see your answer. Too bad on our side. Here is the info.

    Built: 5.0.0.35745

    Our product name is IFA.

    Server Side:

    From the server side IFA request a session. The session delivers a token.
    POST https://10.1.10.75:7001/rest/v1/login/sessions 

    The token is passed to the Client Side. The client uses the token to request the session cookie from the VMS.
    It never gets to assign the cookie because the NX authentification method does not works with the browser security system.

    Client side 
    GET https://10.1.10.75:7001/rest/v1/login/sessions/vms-ab7909a962971e122fd6b672175c9dda-rpsf3Bp8ve?setCookie=true 
     
    function HttpRequestForNXV5(url) { 
        var requestOptions = { 
            method: 'GET', 
            redirect: 'follow' 
        }; 
     
        fetch(url, requestOptions) 
            .then(response => response.text()) 
            .then(result => console.log(result)) 
            .catch(error => console.log('error', error)); 
    }

    Thanks very much!
    Miguel Dina

    0
  • Andrey Terentyev
    • Network Optix team

    Hello Miguel,

    How can we get over this by receiving the cookie without disableing Chrome's security?.

    There is no solution for that, but disabling CORS security.

    You could create your own web service running on the same or other machine and communicate to it from your web page. The web service would transform your requests to API requests to the Server.

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post