TRIRIGA

Maximo-ICON.png

Maximo

Learn how to increase the operational efficiency of the assets you manage, and improve overall equipment effectiveness by using IoT data and AI.

Maximo-ICON.png

TRIRIGA

Reduce the operational costs of the facilities you manage, and create more engaging occupant experiences through the application of IoT data and AI.

Maximo-ICON.png

Engineering

Learn how IoT data and AI are being applied to transform the end-to-end engineering lifecycle.

Expand all | Collapse all

Advanced Room Search Add-in issue

  • 1.  Advanced Room Search Add-in issue

    Posted Thu July 02, 2020 09:59 AM
    Hello Tririgans -

    Currently we are in process of configuring Reservation module for one of our customer. Part of which we are enabling the Advanced Room Search Add-in which came out as part of 3.6.1/10.6.1. Now are facing problems loading this plugin in web Outlook if X-Frame-Options is set to 'SAMEORIGIN' on the destination TRIRIGA. And below is the error from browser console

    Refused to display 'https://aetnasandbox.oncfi.com/p/web/outlook/roomSearch?et=' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

    This is a standard setting to mitigate XSS/CSS vulnerability which IBM also recommends (Ref: https://www.ibm.com/support/knowledgecenter/SSHEB3_3.6.1/com.ibm.tap.doc/pdfs_wiki/Security_Scan_Checklist.pdf).

    We do not want to remove this 'SAMEORIGIN' option totally but wanted to make this plugin work. Currently we are trying out Access-Control-allow-Origin setting but that has its own limitation. Hence checking if any of you encountered this issue, have any guidance\sugesstions. 

    Appreciate your time & response.


    ------------------------------
    Edwin David
    ------------------------------


  • 2.  RE: Advanced Room Search Add-in issue

    Posted Mon July 20, 2020 11:49 AM
    Great post. Thank you for sharing.

    ------------------------------
    Rosarito Bugania
    ------------------------------