Not able to implement WebEmbed exercise in Implementing web embed interfaces om LSA → Pega Design exercise challenge.
Followed the instructions in the challenge.
Updated the generated client ID in the web embed code.
Clicking on case1.html the system does not render the new created case.
Please advise.
@Ravi Balasubramaniam
In Chromium-based browsers, ensure that in the Cross-site Request Forgery system setting, in the Cookie settings section, the Enable samesite cookie attribute is checked, and the Sometime options drop-down list is set to None.
For more information, see Mozilla developer guidance.
Verify if the Content-Security-Policy header returned by one of the redirect responses is not stopping the authorization from completing in the hidden iframe. Values to consider are: script-src, frame-src, sandbox, frame-ancestors, and navigate-to.
If the redirect sequence to the identity provider is very slow, then increasing the timeout interval might prevent the pop-up window from appearing.
If the authentication fails in the hidden iframe, ensure that the server that authorizes the endpoint is not configured to return the X-Frame-Options header with a response of SAMEORIGIN or DENY. If you fix this configuration, the authentication redirects in the hidden iframe should succeed. Consequently, the pop-up window does not appear.
@Ravi Balasubramaniam - Can you share the screen shot of webembed screen run time .If any errors are seen on browser developer tools console tab share the screen shot.
Thank you.
@Priyanka Boga -
Facing similar issue with the web embed exercise in CLSA Infinity ’23 course.
When I click on the external html page area containing the web embed, it just clocks. I can see error on browser developer tool console.
Here is the webembed code. I used custom bearer grant type.
Attached browser error screenshot
In the Endpoint-CORS policy mapping I was able to see
Endpoint * mapped to AllowAllOrigins CORS policy
Not sure how to fix it for quite some time. Please help.
browser_screenshot.docx (75.3 KB)
@SohiniD775 - Can you verify the DSS " api.v1.CORS.allowedheaders" any changes are done other than -authorization, content-type
Thank you.
@Ravi Balasubramaniam
seems like you might have missed to update OAuth2 service package pointing to right service access group DeliveryService:Users
@SohiniD775 thanks a lot Sohini. it worked like clock work with a bit of delay though. Appreciate ur help.
@Priyanka Boga
I verified that the DSS api.v1.CORS.allowedheaders has the value ‘authorization, content-type’ only.
@Ravi Balasubramaniam
Hi Ravi
Please invoke the sample web embed using https://localhost.pegailt.net/PASample/ since the origin null indicates the local file system and you need to access it from the web where it is deployed.
