You are viewing limited content. For full access, please sign in.

Question

Question

CORS Issue with API in LF Forms 11 - window.location.host Empty

Version 11 Forms Layout Designer Forms
Updated two days ago
asked on November 14 Show version history

I'm encountering a CORS error when using our internal APIs in Laserfiche Forms 11, but everything works perfectly fine in Laserfiche Forms 10.

Additionally, I've noticed that window.location.host is returning an empty string, although I can see my domain listed in window.location.ancestorOrigins.

Has anyone else experienced this issue, or can you provide guidance on how to resolve it? Any help would be greatly appreciated!


 

Thank you in advance!

Screenshot 2024-11-14 185800.png
Screenshot 2024-11-14 185800.png (50.08 KB)
Download
0 0

Answer

SELECTED ANSWER
replied on November 14

I have tried to find a workaround - without success.

1 0

Replies

replied on November 14

Hi,

Could you please confirm if the CORS issue occurs using a Classic or Modern/Layout Designer form in Forms 11?

This is more likely related to Modern (Layout) vs Classic Designer than Forms 10 vs 11 specifically (though the Modern Designer didn't exist in 10).

In the Modern layout designer, the JavaScript sandbox does have a null origin. Classic shouldn't have this issue because everything runs from the same window context. Could you try using the internal API from a Classic form and see if the CORS issue appears?

0 0
View 3 previous replies
replied on November 14

Hi Samuel,

Thank you for the clarification.

To confirm, I am encountering the CORS issue when using the Modern Layout in Laserfiche Forms 11. Specifically, the issue occurs when trying to use our internal API endpoints to retrieve payment information. The request triggers a CORS error.

It works fine in the Classic Designer, but the CORS error appears when making the API call from a Modern Layout form. I suspect this may be related to how the JavaScript sandbox in the Modern layout handles the origin, as it seems to have a null origin, which might be causing the issue.

Could you please advise on how to resolve this CORS issue in the Modern Layout, or if there's anything specific I need to configure for API calls in this context?

Thanks in advance for your help!

1 0
replied on November 14

I've been stuck doing any API stuff in the Classic Designer due to the code in the Modern Designer running in the sandboxed iFrame.

0 0
replied on November 14

So, are API calls not possible in the Modern Layout due to the sandboxing restrictions, or is there a workaround?

0 0
SELECTED ANSWER
replied on November 14

I have tried to find a workaround - without success.

1 0
replied on November 14 Show version history

Thanks for your reply!

I appreciate you looking into this. It could save a lot of time and energy, knowing there's no workaround at the moment.

If you do come across anything later, I'd love to hear about it.

0 0
replied two days ago

It's an issue the Forms development team is aware of. We're tracking it internally under the umbrella of a larger item, ID# 543139, as this affects Laserfiche Cloud as well. No specific timelines currently available.

Any potential changes to the JavaScript sandbox have to undergo especially stringent security review as many of the "easy and obvious" ways to add functionality are potential sandbox escape paths malicious actors could exploit.

2 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Attachments
Related Posts
Loading ...