Comments (15)
@m-hellesen Could you help take a look this issue? Thanks.
from office-js.
Thanks so much for the detailed information and for giving us a sample add in. Questions for you while I look into it, has this worked for you in the past? Have you taken a look at this portion of the docs about cross domain messaging? https://learn.microsoft.com/en-us/office/dev/add-ins/develop/dialog-api-in-office-add-ins#cross-domain-messaging-to-the-dialog-runtime
from office-js.
Thanks so much for the detailed information and for giving us a sample add in. Questions for you while I look into it, has this worked for you in the past? Have you taken a look at this portion of the docs about cross domain messaging? https://learn.microsoft.com/en-us/office/dev/add-ins/develop/dialog-api-in-office-add-ins#cross-domain-messaging-to-the-dialog-runtime
Hi!
Thank you for looking into this. I did a small rebuild of our Add-In in December last year, moving from iframe popup to popup window. Then this workflow was working (open popup window with own domain -> redirect to other domain -> redirect back to same domain -> pass message to host page). I had to turn off some security headers to make it work (crossOriginOpenerPolicy and crossOriginResourcePolicy) but then it worked.
I'm not trying to message cross domain, I want to send the message after going back to same the same domain as the host page.
from office-js.
@cattermo I have run into similar issues with Office Online. After redirecting and coming back to the same origin, it can't communicate with the add-in. I suspect it's due to losing the original window.opener
reference -- not sure.
I found a solution which involves never redirecting the dialog window. Instead, you pop open a second window and do the redirect flow there. You communicate with the original dialog window via BroadcastChannel.
https://github.com/jim22k/OfficeOnlineDialog/tree/main
from office-js.
@cattermo I have run into similar issues with Office Online. After redirecting and coming back to the same origin, it can't communicate with the add-in. I suspect it's due to losing the original
window.opener
reference -- not sure.I found a solution which involves never redirecting the dialog window. Instead, you pop open a second window and do the redirect flow there. You communicate with the original dialog window via BroadcastChannel.
This sounds like a good workaround if the office-js team does not manage to solve the problem. Since it's possible to do this with a new popup window, office-js should be able to do it with its popup window...
@m-hellesen Are you still looking into the issue? Any progress?
from office-js.
Please? Can someone have a look at this?
from office-js.
Hey, I do have someone looking into this. Did the workaround unblock you for now?
from office-js.
Hey, I do have someone looking into this. Did the workaround unblock you for now?
Ok, great, thank you 🙇 .
Since it used to work late last year I would rather not build a different solution that then have to be removed when the real one starts working again 😬
from office-js.
Hey @cattermo, I have been looking into the issue and it seems that the domain policy needs to be changed. Could you please verify if it works when the Cross-Origin-Opener-Policy header is not set to 'same-origin'. Let me know if this solves the issue. Thanks.
from office-js.
Hey @cattermo, I have been looking into the issue and it seems that the domain policy needs to be changed. Could you please verify if it works when the Cross-Origin-Opener-Policy header is not set to 'same-origin'. Let me know if this solves the issue. Thanks.
Sorry for late response, was bank holiday in Sweden.
Sadly setting "Cross-Origin-Opener-Policy": "unsafe-none"
does not make any difference.
from office-js.
Any progress on this?
from office-js.
Hi @cattermo, apologies for the delay. We've investigated and found that the manifest you provided no longer reproduces the host page receiving error:12006 issue. Could you please confirm if the issue is resolved for you? Thank you.
from office-js.
Hi @cattermo, apologies for the delay. We've investigated and found that the manifest you provided no longer reproduces the host page receiving error:12006 issue. Could you please confirm if the issue is resolved for you? Thank you.
The debugging code is now back for the manifest provided. The error is still the same.
Feel free to also use the reproduction repository that I have created for you 🙏
https://github.com/cattermo/officejs-reproduce-dialog-problem
from office-js.
Hi @cattermo, in your repository's index.js file at line 19, it attempts to redirect to 'https://google.com'. This action also sets the Cross-Origin-Opener-Policy, causing it to fail. When there are multiple redirections, it's essential to remove the Cross-Origin-Opener-Policy header from all responses or set them all to 'unsafe-none'.
Could you please try replacing the URL with 'https://example.com' (which does not have such header), and let me know if it resolves the issue for you? Thanks.
from office-js.
Hi @cattermo, in your repository's index.js file at line 19, it attempts to redirect to 'https://google.com'. This action also sets the Cross-Origin-Opener-Policy, causing it to fail. When there are multiple redirections, it's essential to remove the Cross-Origin-Opener-Policy header from all responses or set them all to 'unsafe-none'. Could you please try replacing the URL with 'https://example.com' (which does not have such header), and let me know if it resolves the issue for you? Thanks.
Oh, that's the key to it!! The receiving link also needs to have a less strict value for that header. This is what happened in our "real" app as well. One of the disadvantages of using helmetjs
as a standard.
Thank you very much for finding it! 🙏
from office-js.
Related Issues (20)
- body.clear() not working for content controls HOT 3
- How to make slide active Or How to insert image using index HOT 4
- Addin sample not showing in new look outlook and browsers. HOT 5
- Identifying Usage of New Outlook in Office-js Add-ins HOT 1
- Not able to sideload outlook addin. in macbook there is no option to add the manifest file HOT 5
- Inserting Signature with the OnMessageSend event duplicates the signature
- The identity API is not supported for this add-in in online Word HOT 2
- Excel Online: calculation state can get stuck in Pending state when workbook contains charts HOT 3
- IP Address Range Needed for Microsoft Office Add-in Validation Process
- Office API messageParent Outlook on android doesn't work
- NAA: Unable to acquire access token for event-based activation (onMessageSend) HOT 2
- Outlook addin using Bootstrap modal or offcanvas bleeds through on Mac version of Outlook. Classic and New Outlook for Mac. HOT 2
- [Word API] Document.compare: ability to specify Original and Revised document?
- Outlook NAA issue: "Something went wrong. [7q6cl]" Error HOT 5
- Web Outlook provides improper attachment data if attachment is still uploading to the email HOT 2
- [Question] Is it safe to use `CustomFunctions.delayinitialization()`
- New Outlook - emails stuck in outlook at queued or draft status HOT 3
- context.application.createDocument works only first time HOT 1
- WorkBook level Define name is getting corrupted while reopening excel using base64
- In Outlook, getAllInternetHeadersAsync works on an item in the Inbox, but not the sent folder
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from office-js.