Servoy Forum

Hi all,

for a while we have been running Servoy 2021.12 NG-Client as an add-in inside Outlook.
Now we have hit two possibly linked issues. Under Servoy 2023.03, The outlook add-in simply displays a blank screen and a "Refused to connect" message.

Servoy runs inside an iFrame in Outlook, and the page containing the iFrame is served from our Servoy server.

Setting

servoy.ngclient.setContentSecurityPolicyHeader

to false in the Servoy server console makes the message go away, but the screen is still blank.
I don't find the documentation helpful. How do I set up

servoy.ngclient.contentSecurityPolicy

to get this to work?

Thanks

i think yes you have a look at the CSP setting and maybe add that domain also to your settings (instead of really turning it off)

But i think the most important part here is that the session cookie needs to work and for that you need to have a context.xml file (in your WAR)
which needs to have something like this:

Code: Select all

<Context>
   <CookieProcessor sameSiteCookies="none" />
</Context>


so that the sameSiteCookie value of the session cookie is set to "none" (default it is i think "lax" which doesn't work for iframes in other domains)

Servoy can generate a WAR with that context.xml file (we have a setting for that in the war exporter)

Yes, the context.xml and small change to the add-in code so it follows the pattern seen in Servoy's Office365 repository has fixed the problem.
In our code we had a top level variable named 'module' and this caused a few javascript errors.