OWACurrent en:Server side Settings: Unterschied zwischen den Versionen
Aus Cryptshare Documentation
imported>Hartwigr Keine Bearbeitungszusammenfassung |
(Reworking to single page layout) |
||
| Zeile 1: | Zeile 1: | ||
-- | == Cross-Origin Resource Sharing (CORS) == | ||
{{InfoBox|title=CORS configuration is handled on the Cryptshare Server.|content=To avoid encountering this error, please refer to the [https://documentation.cryptshare.com/w/CSSCurrent_en:Connection#CORS Cryptshare Server Manual]. To grant access to an external server through the add-in, the administrator of said server must add the requesting domain to the CORS configuration of their server.}} | |||
= | === Explanation === | ||
CORS | [https://developer.mozilla.org/en-US/docs/Glossary/CORS Cross-Origin Resource Sharing], abbreviated as CORS, refers to receiving web resources like JavaScript, CSS files, etc. from other hosts than the one where the original resources are hosted. | ||
CORS poses a security threat, and is usually blocked by the [https://developer.mozilla.org/en-US/docs/Glossary/Same-origin_policy Same-origin Policy] (SOP). | |||
While using the Cryptshare for OWA add-in, it may occur that the add-in will attempt to contact a different Cryptshare Server ("Server B" henceforth) than the one hosting the add-in (Server A henceforth), e.g. to retrieve transfer data. If the CORS policies of Server B do not include Server A, the add-in will display an error screen similar to this: | |||
== Error Analysis, Support & Logging == | |||
In order to allow administrators easier access to error logs, it is possible to configure OWA to send its logs to the Cryptshare Server. | |||
Please refer to the relevant [https://documentation.cryptshare.com/w/CSSCurrent_en:Logging#Remote_Logging Cryptshare Server Manual article] for detailed instructions on how to set up remote logging. | |||
--- | {{WarnBox|title=SSL/HTTPS is mandatory.|content=Please note that without SSL/HTTPS, remote logging will be nonfunctional, as it is required to create the underlying server connection. Any errors can only be viewed on the error screen or the browser console, accessed by pressing F12 / Ctrl+Shift+I.}} | ||
== SSL & HTTPS Access == | |||
The Cryptshare for OWA add-in must be served through HTTPS to function, as is the case for any other OWA add-in. Please ensure that: | |||
* The base URL of the Cryptshare Server starts with https://. | |||
* HTTPS redirect is activated on the Cryptshare Server. | |||
* The manifest URL provided by the server starts with https://. | |||
* [https://documentation.cryptshare.com/w/CSSCurrent_en:Setting_up_an_SSL_Certificate A valid/trusted SSL certificate is installed on the Cryptshare Server.] | |||
* In case custom certificates not created by an official authority are used, the SSL certificate served by the Cryptshare Server must be correctly installed on the client. '''Please note that granting a "security exception" in the browser in lieu of this will not suffice.''' | |||
If any of these preconditions are not fulfilled, the add-in cannot function, users will be met with an SSL error, and this error screen will appear: | |||
Version vom 29. Januar 2024, 12:28 Uhr
Cross-Origin Resource Sharing (CORS)
CORS configuration is handled on the Cryptshare Server.
To avoid encountering this error, please refer to the Cryptshare Server Manual. To grant access to an external server through the add-in, the administrator of said server must add the requesting domain to the CORS configuration of their server.
Explanation
Cross-Origin Resource Sharing, abbreviated as CORS, refers to receiving web resources like JavaScript, CSS files, etc. from other hosts than the one where the original resources are hosted. CORS poses a security threat, and is usually blocked by the Same-origin Policy (SOP).
While using the Cryptshare for OWA add-in, it may occur that the add-in will attempt to contact a different Cryptshare Server ("Server B" henceforth) than the one hosting the add-in (Server A henceforth), e.g. to retrieve transfer data. If the CORS policies of Server B do not include Server A, the add-in will display an error screen similar to this:
Error Analysis, Support & Logging
In order to allow administrators easier access to error logs, it is possible to configure OWA to send its logs to the Cryptshare Server.
Please refer to the relevant Cryptshare Server Manual article for detailed instructions on how to set up remote logging.
SSL/HTTPS is mandatory.
Please note that without SSL/HTTPS, remote logging will be nonfunctional, as it is required to create the underlying server connection. Any errors can only be viewed on the error screen or the browser console, accessed by pressing F12 / Ctrl+Shift+I.
SSL & HTTPS Access
The Cryptshare for OWA add-in must be served through HTTPS to function, as is the case for any other OWA add-in. Please ensure that:
- The base URL of the Cryptshare Server starts with https://.
- HTTPS redirect is activated on the Cryptshare Server.
- The manifest URL provided by the server starts with https://.
- A valid/trusted SSL certificate is installed on the Cryptshare Server.
- In case custom certificates not created by an official authority are used, the SSL certificate served by the Cryptshare Server must be correctly installed on the client. Please note that granting a "security exception" in the browser in lieu of this will not suffice.
If any of these preconditions are not fulfilled, the add-in cannot function, users will be met with an SSL error, and this error screen will appear: