Showing results for 
Search instead for 
Did you mean: 

CORS Finesse


I has a problem with CORS. I' m using Finesse 10.5 and would like to communicate with other application which is on other domain. I try to use some work arounds but it still not works.

I want to add headers like Access-Control-Allow-Origin but my question is how add this to Finesse server?

1 Accepted Solution

Accepted Solutions

The right way to communicate between two iFrames that are from different domains is to use postMessage(). Here is a fairly good write-up on this:

Good Luck!


View solution in original post

6 Replies 6

Level 5
Level 5

You could use the makerequest method from the Finesse JavaScript library...."//") + url, handler, params);

The WebService sample gadget give a good example how to use this functionality.

I use this method and this gadget.. My gadget is reworked WebService Sample gadget and it doesn't work. This gadget doesnt fix problem CORS.

My application is inside Iframe which is in the gadget and they aren't in the same domain, and here is my problem.

If you are trying to get data from a different domain (i.e. JSON, XML) then makeRequest method should work.

If you are trying to load a website in an IFRAME, then there are a few considerations. One, some websites will not load in an IFRAME. is an example. Also, sometimes specifying the prefix HTTP or HTTPS can cause a conflict. It is often best to just use //, for example // instead of

oh I'm sorry, I forget that I use makeRequest but not to this application in Iframe. I can't use this to this app in Iframe.

so what could be my problem:

I has gadget, in this gagdet I has Iframe with my oher site (application). It is working by http and https. I want to communicate by:

- from gadget to Iframe by: document.getElementById("iFrame1").contentWindow; or something like that;

- from Iframe to gadget by use: parent; or something like that;

But I have errors:

- from gadget to Iframe: permission denied;

- from Iframe to gadget: access is denied.

I must add that the content of gadget is working when stand alone from finesse (when I open address to html site which is content of my gadget), but when is run inside Finesse, as gadget it shows that errors.

The right way to communicate between two iFrames that are from different domains is to use postMessage(). Here is a fairly good write-up on this:

Good Luck!


I used postMessage, an it is working. But it is work around method for me and I would like to find some solution which let me call methods directly, without sending string between two applications.

Maybe I will describe it with more details:

I have Finesse gadget with two iframes. Inside both iframes are applications which communicate between their. One of application communicate with Finesse too (by REST API and listen to events, it is reworked WebServiceSampleGadget). and now communication between applications in iframes is working because I add next iframe which contains these two iframes. But now I must use postMesage to communicate with Finesse gadget methods because Iframes are on other domain than Finesse with gadget. This is my method which is working but I don't like this solution.

I would like to use this method:

gadget contain my first application. First application contain iframe with second app, so I have only one iframe. And it is working when stand alone but when I run this inside Finesse is access denied. I specially turn gadget to the same server as second application and when I show document.domain from both applications is the same, but I have error access is denied when try to work without postmessage.

What Finesse make with gagdets, that this is happening?