Relaxing Same Origin Policy on IAC
We are currently using Pega 7.1.7 in the cloud as well as IAC. We are integrating Pega into a 3rd-party ASP.NET-based application. The application is working; however, we are getting errors in the JavaScript console related to the same origin policy, which are rightfully valid.
For instance:
XMLHttpRequest cannot load https://someclient.pegacloud.com/prgateway/PRPCGateway. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://secure.somedomain.com' is therefore not allowed access.
pzpega_ui_backbone_1798164053!pzpega_ui_jstree_1188219908!pzpega_ui_designer_tree_bundle_12945517662!!.js:5 Uncaught SecurityError: Blocked a frame with origin "https://someclient.pegacloud.com" from accessing a frame with origin "https://secure.somedomain.com". Protocols, domains, and ports must match.
pzpega_ui_backbone_1798164053!pzpega_ui_jstree_1188219908!pzpega_ui_designer_tree_bundle_12945517662!!.js:5 Uncaught TypeError: Cannot read property 'start' of undefined
We would like to relax the same origin policy on the IAC instance by enabling cross-origin resource sharing (CORS). Specifically, adding “https://secure.somedomain.com” to the Access-Control-Allow-Origin header. See:
http://enable-cors.org/server_tomcat.html
The application itself is working but we do not want these errors and would like the DOMs to be accessible by the iframes. Does Pega have any other clients that are doing this? What does Pega recommend?
Thanks,
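
Added example (not part of the original post, and not Pega or Tomcat code): a JavaScript model of the decision a server makes when answering the preflight from the first error, returning `Access-Control-Allow-Origin` only for an exact-match allowlisted origin. The origin is the one from the post; the allowed methods, allowed request headers and the use of credentials are assumptions.

```javascript
// Allowlist built from the origin named in the post. Exact strings only.
const ALLOWED_ORIGINS = new Set(["https://secure.somedomain.com"]);
const ALLOWED_METHODS = ["GET", "POST", "OPTIONS"];           // assumption
const ALLOWED_HEADERS = ["content-type", "x-requested-with"]; // assumption

// Returns { status, headers } for an OPTIONS preflight request.
// reqHeaders uses lower-case keys, as Node's http module provides them.
function preflightResponse(reqHeaders) {
  const origin = reqHeaders["origin"];
  // Vary: Origin stops shared caches from serving one origin's answer to another.
  const headers = { "Vary": "Origin" };

  // Scheme, host and port must all match; no suffix, prefix or regex matching.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { status: 403, headers };
  }

  const method = (reqHeaders["access-control-request-method"] || "").toUpperCase();
  if (!ALLOWED_METHODS.includes(method)) {
    return { status: 403, headers };
  }

  const requested = (reqHeaders["access-control-request-headers"] || "")
    .split(",")
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  if (!requested.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers };
  }

  // Echo the origin only after it passed the allowlist; "*" cannot be
  // combined with credentials, so a specific origin is required here.
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  headers["Access-Control-Allow-Credentials"] = "true"; // assumption: session cookies are sent
  return { status: 204, headers };
}
```

These headers affect only the `XMLHttpRequest` error; the "Blocked a frame" SecurityError comes from cross-origin frame DOM access, which CORS response headers do not change.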