This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Need to override document.domain for Same-Origin Policy Issue

SA-3115

Summary



We are looking for an extension point to introduce a custom JS file to override the document.domain attribute to address a Same-Origin Policy issue.


Resolution



There is an extension point where developers can set document.domain to resolve same-origin policy issues when embedding PRPC content into other applications.


The pega_desktop_domainsuffix.js file is included in all top-level harnesses at runtime and contains the following code:

try {
    if (pega.d.pyDomain && pega.d.pyDomain ) {
        if (document.domain.lastIndexOf(pega.d.pyDomain) != -1) {
            document.domain = pega.d.pyDomain;
        }
    }
} catch (e) {}

The pega.d.pyDomain JS variable is set in DesktopWrapper_Variables if the clipboard property pxThread.pyDomain has a value. 

<pega:when test="pxThread.pyDomain != ''">
        pega.d.pyDomain = "<pega:reference name="pxThread.pyDomain" mode="javascript" />";
</pega:when>


The pxThread.pyDomain property needs to be set to a value during thread page initialization. By default it is set to "" in Code-Security.ApplicationSetup, which is a final rule. Therefore, it must be set to the desired value in Code-Security.ApplicationProfileSetup. This activity is an extension point, but use caution when adding content to this rule because it runs during thread page initialization.


1.    Copy ApplicationProfileSetup into your application ruleset.
2.    Add pxThread:Code-Pega-Thread to the Pages and Classes tab.
3.    Add a Property-Set step with pxThread as the step page.
4.    Set pyDomain to the domain setting needed.

The JavaScript in pega_desktop_domainsuffix ensures proper usage of document.domain. The value in pxThread.pyDomain must be the last part of the runtime document.domain.


Valid Usage Example:

Top Application domain:  http://abc.pega.com
PRPC application domain: http://123.pega.com
pxThread.pyDomain:  pega.com

Invalid Usage Example:

Top Application domain:  http://abc.pega.com
PRPC application domain: http://123.foo.com
pxThread.pyDomain:  pega.com
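
The valid and invalid cases above can be checked before a value is placed in pxThread.pyDomain. The following JavaScript is an added example, not Pega code: substringCheck mirrors the lastIndexOf condition quoted from pega_desktop_domainsuffix.js, while isParentDomain and normalise are hypothetical helpers that require the value to be a parent domain on a label boundary. Host names other than those in the two usage examples are constructed.

```javascript
// Added example (not Pega code): pre-check a candidate pxThread.pyDomain value.
// Pure string functions, so they run in Node as well as in a browser console.

// Mirrors the condition quoted from pega_desktop_domainsuffix.js:
// lastIndexOf() is satisfied by a match anywhere in the host name.
function substringCheck(hostname, pyDomain) {
    return Boolean(pyDomain) && hostname.lastIndexOf(pyDomain) !== -1;
}

// Hypothetical helper: lower-case, trim, and drop a trailing root dot.
function normalise(name) {
    return String(name || "").trim().toLowerCase().replace(/\.$/, "");
}

// Hypothetical helper: true only when pyDomain equals the host name or is a
// parent of it on a label boundary ("pega.com" for "123.pega.com").
// Assumption: a value with no dot (a bare TLD such as "com") is rejected; a
// complete check would consult the Public Suffix List for cases like "co.uk".
function isParentDomain(hostname, pyDomain) {
    const host = normalise(hostname);
    const suffix = normalise(pyDomain);
    if (!suffix || suffix.startsWith(".") || !suffix.includes(".")) {
        return false;
    }
    return host === suffix || host.endsWith("." + suffix);
}

// First two rows are the article's valid and invalid examples; the rest are
// constructed host names that separate the two checks.
const CASES = [
    ["123.pega.com", "pega.com"],
    ["123.foo.com", "pega.com"],
    ["notpega.com", "pega.com"],
    ["pega.com.example.test", "pega.com"],
    ["123.pega.com", "com"],
];

function evaluate() {
    return CASES.map(([host, pyDomain]) => ({
        host,
        pyDomain,
        substring: substringCheck(host, pyDomain),
        parentDomain: isParentDomain(host, pyDomain),
    }));
}

for (const row of evaluate()) {
    console.log(JSON.stringify(row));
}
```

Because the quoted file wraps the assignment in an empty catch block, a value the browser rejects produces no visible error, so validating the setting up front is the easier place to catch a mistake.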
 

Published January 31, 2016 - Updated October 8, 2020