Running a process link from externel page get 403

 
1
0
-1

Hi I need help,

Has somebody experience with this topic, I have a process running on Joget W/F Ent. v. 6.0.25 Server at domain-1, and a web page hosted on domain-2 with public access to our help-desk request Form. Actually it's a very simple html page with an iframe src, containing the link to the process hosted on domain-1, as seen below;

<html>
    <body>
<iframe src="https://domain-1/jw/web/client/app/gurme_itsr/4/process/gourme_exsr?start=true" frameborder="0" id="my-frame" width="100%" height="800"></iframe>
</body>
</html>

When I load the page :

POST https://domain-1/jw/web/json/plugin/org.joget.plugin.enterprise.AjaxSubForm/service 403 (Forbidden)  csrf:104

The Form has Anonymous access rights and can be kicked-off by anyone (public).

When I check the response Header:

HTTP/1.1 403 Forbidden
Server: Apache-Coyote/1.1
Access-Control-Allow-Origin: https://domain-1:8443
Access-Control-Allow-Credentials: true
Set-Cookie: JSESSIONID=0136D7C05D726C0FCDED53BFD9394F21; Path=/jw/; Secure; HttpOnly
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Date: Tue, 06 Oct 2020 15:11:00 GMT

options 200 OK

service 403


Awaiting your kind advice or how-to solve.


    CommentAdd your comment...

    2 answers

    1.  
      1
      0
      -1

      Thank you Chris for you kind help. 

      I just set both Whitelists with the correct domain and IP addresses, as you have suggested.

      Now it works but only on Firefox (No error received, that's great!)

      Chrome browser still the same (403) even I cleaned up and restart my browser.


      Best regards,

      Haldun

      1. Chris Angel

        Chromium-based browsers is known for caching certain calls or content. Try hard reloading (Ctrl-Shift-R) the browser/page.

      2. Haldun Bayrak

        No, it doesn't change anything,

        so I'm facing the error 403 only using Opera + Chrome Browser (:

        Firefox seem OK. (smile)

        Here is the link to the Test page, may you like to get more insight.

        Regards,

        Haldun

      3. Chris Angel

        Hi Haldun,

        I am able to navigate to the link you provided on Chrome without issues. I can see the page "Online Support".

        You can perhaps try clearing the cache and cookies in your browser. See how here: https://support.google.com/googleplay/answer/32050?co=GENIE.Platform%3DDesktop&hl=en-GB

        Best regards,
        Chris

      4. Chris Angel

        Or maybe, do try to access the page on a different device with different internet connection, so you can narrow down the scope of this issue.

      5. Haldun Bayrak

        U'r right, the support page loads but with an error 403 which holds me back to continue (press F12 and F5 twice to get more break-down levels related to the error ).

        Normally, I would continue by entering my Customer ID which shows me available Client's order Numbers but this is disabled for now. Anyway, then I choose one of the order Numbers from select Box to show up related order details. They are displayed in an Ajax Sub-form within a data grid object.

        All of this staff still not working in Chrome/Opera except loading Support page. 

        Best regards,

        Haldun

      CommentAdd your comment...
    2.  
      1
      0
      -1

      Did you whitelist your domain via the API Domain Whitelist or API IP Whitelist system properties in Joget General Settings?

      Reference: General Settings - SystemAdministrationSettings

        CommentAdd your comment...