Flowfuse cross domain settings (cor?)

BryanOgd · 18 April 2024 15:31

need a cross domain iframe
which I think is usually done via the settings.js

{
  "origin": "*",
  "methods": "GET,PUT,POST,DELETE",
  "optionsSuccessStatus": 204,
  "headers": {
    "Content-Security-Policy": "frame-ancestors 'self' https://example.com;"
  }
}

what is the method in flow fuse?

BryanOgd · 8 August 2024 16:35

Can I get a bump here - I wasn't having any issues with cross domain posting until I updated flow fuse now my forge rejects the iframe call

basically I have a chatbot distributed through a http node - that gives me the following error when embedded in an iframe @ forge.ai4socialservice.com refused to connect.

***note what IM trying to do is embed the http node link output html in a iframe not the editor

Any help with this appreciated

knolleary · 8 August 2024 16:44

Hi @BryanOgd

I think you're hitting this issue: CSP policy getting applied to httpNode routes · Issue #262 · FlowFuse/nr-launcher · GitHub

I'll bump it up to get looked at sooner.

knolleary · 8 August 2024 16:45

@BryanOgd as noted in the linked issue, a potential workaround is to edit your instance settings to modify the path the editor is served from. By default that is / - which causes its security policy to get applied to all requests. If you were to change that to, for example /editor, then the routes served by your node-red flows shouldn't get the security policy applied.

BryanOgd · 8 August 2024 17:16

thanks I do have my editors at their own links. -- IFRAMED placement of http links generated by node-red works in my instal of flowfuse v2.1.0 and now not in v3.0.1

This brought up another issue as I vainly tried to effect the cross domain settings in my host with

Open the flowforge.yml file and ensure it allows embedding from your domain. Add or modify the following settings:

server:
  # Other settings...

  headers:
    Content-Security-Policy: "frame-ancestors 'self' https://impactaiinc.com"
    X-Frame-Options: "ALLOW-FROM https://impactaiinc.com"

  # Other settings...

However when I tried docker compose up I got wacky ngnix 502 errors V3.0.1
So I just saved the flows and reinstalled the whole flowfuse and now Im scared to even touch flowforge.yml or really even restart the flowfuse at all - but this still leaves me without a chatbot embedded in another off domain webpage

I saw a recent 502 errors post that required an update --

Topic		Replies	Views
Flow fuse webhook General flowfuse	10	82	23 September 2024
Configuring Flowfuse Self-Hosted with access from another machines in the same network General flowfuse	5	54	12 November 2024
FlowFuse: How do you you setup HTTPS on a local install with your own certs? FlowFuse flowfuse	5	187	17 July 2024
Embed FlowFuses NodeRed into Application Vendors	1	106	21 February 2024
AWS Marketplace FlowFuse	11	231	13 March 2024

Flowfuse cross domain settings (cor?)

Related topics