You are viewing limited content. For full access, please sign in.

Discussion

Discussion

Modern Forms Designer - Using window.location.replace is being flagged for cross origin

Forms Layout Designer
Updated September 25
posted on July 22 Show version history

I was using this method to redirect to a payment vendor's secure site and it was working when on the classic forms designer, but when I switched to the modern forms designer I started getting flagged for cross origin.

Since the user has already interacted with a web request button to generate the payment URL I do not want to ask them to click a hyperlink in order to proceed, that is confusing UI design.

After the web request is executed by clicking the button provided when adding a web request to a form, we want to direct them to the payment vendor's website keeping the URL visible at all times rather than in an iFrame where they can not see the domain.

The vendor then will pass them back to the secure app.laserfiche.com website after payment is completed and they can always check their URL to see where they are.

The error is 

Cross-Origin Request Blocked:  (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 404.

0 0
replied on July 23

Modern form custom script runs in iframe sandbox and does not allow change top navigation.

If you use window.open(url, '_blank') to open in a new tab it should work.

0 0
replied on July 24 Show version history

No luck with this, it does not do anything at all. We do need to stay in the same tab when taking payments though, new tabs would be if you want to visit a new site and keep the existing one open. When you make a payment with a payment vendor you go to that domain to charge your credit card then you are returned to your domain with transaction confirmation data.

 

window.open('https://www.google.com', '_blank');

 

0 0
replied on September 24

Chad, you mention app.laserfiche.com, so it sounds like this is for Laserfiche Cloud? If that's the case, you need to take it to Tech Support. We would need to add the payment website to the CORS header on our servers. 

If this is self-hosted, then the CORS headers on the Forms web server would need to be adjusted to allow the domain you're trying to use. 

0 0
replied on September 25

It is from Cloud. Does it require opening a support ticket?

My workaround was to rename the Web Request Rule button from Make Payment to Lock In Amounts. It would then set everything to read only (acting as if though it has a purpose) then create a hyperlink that says Make Payment. When they click the link it takes them to the page without any cross origin issues. But they have to click twice this way so that is why I re-framed the wording to remove some of the awkwardness.

The only time I get the cross origin issue is using the window.open method which was meant to remove one click in the interface so they could simply click Make Payment rather than Lock in Amounts > Make Payment.

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...