cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Smartedit in 2005 shows "Disallowed Storefront" (whitelistedStorefront is correctly configured)

former_member709283
Explorer

on ‎02-01-2021 10:33 AM

0 Kudos

Problem

We are upgrading from 1905 to 2005.

When entering smartedit, a lot of messages "disallowed storefront is trying to communicate with smarteditcontainer" are printednin the browser console. This does occur immediately after login when browsing the catalogs and pages (so even before the spartacus storefront is involved when editing pages and using the preview functionality).

Description of the situation:

  • The configuration of the whitelistedStorefronts is set correctly to 
[
  "https://localhost:4200"
]
  • The requests from the spartacus storefront (from https://localhost:4200) are handled correctly but the requests by the smartedit application itself (coming from https://localhost:9002) result in the error message "disallowed storefront..."
  • This also happens for an unchanged installation of the standard Sap Commerce 2005 and we found out that in the file in the method '_isAllowed' in gatewayFactory.js there are changes between 1905 and 2005:

1905:

/**
     * allowed if receiving end is frame or [container + (white listed storefront or same origin)]
     */
    GatewayFactory.prototype._isAllowed = function (origin) {
        var _this = this;
        var whiteListedStorefronts = this.injector.get(GatewayFactory_1.WHITE_LISTED_STOREFRONTS_CONFIGURATION_KEY, []);
        return this.windowUtils.isIframe() || this.urlUtils.getOrigin() === origin || (whiteListedStorefronts.some(function (allowedURI) {
            return _this.stringUtils.regExpFactory(allowedURI).test(origin);
        }));
    };
    var GatewayFactory_1;
    /**
     * @description
     * the name of the configuration key containing the list of white listed storefront domain names
     */
    GatewayFactory.WHITE_LISTED_STOREFRONTS_CONFIGURATION_KEY = 'whiteListedStorefronts';
    /*

2005:

/**
     * allowed if receiving end is frame or [container + (origin same as loaded iframe)]
     */
    GatewayFactory.prototype._isAllowed = function (origin) {
        return (
        // communication from container to iframe already secured by webApplicationInjector
        this.windowUtils.isIframe() ||
            // communication from iframe to container strictly limiting to domain loaded in iframe
            this.windowUtils.getTrustedIframeDomain() === origin);
    };
    var GatewayFactory_1;
    /*

Question:

How and where do we have to configure the access from http://localhost:9002 so that the _isAllowed in the 2005 version is not giving back "false" (and therefore the log messages do not happen)?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

pj_delaere
Explorer
‎02-06-2023 3:34 PM
0 Kudos

Hi,

any updates on this?

Show replies
Show replies
fionnziegler2
Explorer
‎06-09-2022 10:43 AM
0 Kudos

Having the exact same problem but not the Augury Chrome Extension installed. Any other solution here?

Show replies
Show replies
former_member709283
Explorer
‎02-03-2021 10:57 AM
0 Kudos

We evaluated this issue further and this is the result.

Result of Evaluation:

The cause for the issue is an interference from the Augury Chrome Extension (Extension for debugging and profiling Angular applications in google chrome).

With deactivation of the extension, the issue is resolved.

Show replies
Show replies
Ask a Question