exportDisplay iFrame "requests to the server have been blocked by an extension"

I have copied the XrayImage code from your Pet Clinic app and adapted it for my application. It works perfectly when run locally on my PC using the embedded Tomcat server. However, when I deploy as an UberJar with a frontend of Nginx, the images upload fine but will not display. The Previewer Window says “requests to the server have been blocked by an extension” in Chrome. In Firefox, the window is just empty.

Check the Google Docs, it appears that an iFrame will not display an external document. See: https://developer.chrome.com/apps/app_external

Here’s what I see in the Chrome developer console:

If we used a “webview” rather than an “iFrame”, would that solve the issue?

An additional note: I tried starting chrome with --disable-extensions and I manually disabled all extensions. I still get the same error, so I am not sure what “extension” the error message is referring to.

The plot thickens… If I go direct to the UberJar port, it works fine. Since it is not directly a Cuba problem, I will just continue to document here. Of course, feedback is always welcome!

The problem appears to be my Nginx Proxy setup. Here’s what I have - very simple setup:

location /rentals {
  proxy_pass http://localhost:8080;

Note that since this is an internal web site I did not bother setting up SSL. That will be my next plan of attack.

I could always get rid of the proxy, but I will eventually have more than one UberJar application running. I wanted to make the URLs cleaner and not require users to know the port numbers directly.

Figuring it was a URL issue, I added the following to my UberJar deployment App properties:

'cuba.webHostName'            : 'merge03',
'cuba.webAppUrl'              : 'http://merge03/rentals',
'cuba.connectionUrlList'      : 'http://merge03/rentals-core'

merge03 is my host. Rentals is my app. There was no change in the url used to reference the image and I still get the same error.

Does anybody have any suggestions on what to try next?

I am pleased to announce that I finally found the issue. My nginx configuration has:

add-header Content-Security-Policy "default-src 'self'; ...."

I had to add:

add-header Content-Security-Policy "default-src 'self'; frame-src 'self'; ...."

This gives iframes the ability to reference the local web site (but no others), as I understand it.

1 Like