OWACurrent en:Server side Settings
Cross-Origin Resource Sharing (CORS)
Explanation
Cross-Origin Resource Sharing, abbreviated as CORS, refers to receiving web resources like JavaScript, CSS files, etc. from other hosts than the one where the original resources are hosted. CORS poses a security threat, and is usually blocked by the Same-origin Policy (SOP). While using the Cryptshare for OWA add-in, it may occur that the add-in will attempt to contact a different Cryptshare Server ("Server B" henceforth) than the one hosting the add-in (Server A henceforth), e.g. to retrieve transfer data. If the CORS policies of Server B do not include Server A, the add-in will display an error screen similar to this:
In order to alleviate this issue, the administrator of Server B must add Server A's URI to their CORS settings.
Error Analysis, Support & Logging
In order to allow administrators easier access to error logs, it is possible to configure OWA to send its logs to the Cryptshare Server.
Please refer to the relevant Cryptshare Server Manual article for detailed instructions on how to set up remote logging.
SSL & HTTPS Access
The Cryptshare for OWA add-in must be served through HTTPS to function, as is the case for any other OWA add-in. Please ensure that:
- The base URL of the Cryptshare Server starts with https://.
- HTTPS redirect is activated on the Cryptshare Server.
- The manifest URL provided by the server starts with https://.
- A valid/trusted SSL certificate is installed on the Cryptshare Server.
- In case custom certificates not created by an official authority are used, the SSL certificate served by the Cryptshare Server must be correctly installed on the client. Please note that granting a "security exception" in the browser in lieu of this will not suffice.
If any of these preconditions are not fulfilled, the add-in cannot function, users will be met with an SSL error, and this error screen will appear: