Make sure that you are running a compatible version of Node.js, version 10 or later, as using older versions may throw some errors during setup. Check this guide on how to spin up a local instance. To work around this issue during application development, run your own development instance of DHIS2 or spin up a local instance using Docker and the d2 cluster command of the DHIS2 CLI. If you try to connect your application on localhost to the DHIS2 Play server and encounter some errors, please note that DHIS2 Play instances use nginx as a reverse proxy which has been configured for hardened security, preventing cross-site cookies completely. See below:ĭHIS2 Play instances: allow you to test out the DHIS2 platform using demo databases on the DHIS2 Play server. You could also try disabling the cache from the network tab in Chrome DevTools. In a CSRF attack, a malicious site attempts to use valid cookies from legitimate sites to carry out attacks. However, you should exercise caution as this will leave users vulnerable to Cross-Site Request Forgery ( CSRF) attacks. If you're willing to soften your browser security for the sake of debugging you can work around this by typing about:config on a browser tab, searching for the property and setting it to false. The previous default configuration allowed to send cookies with both cross-site and same-site requests ( SameSite=None) while the in the new default configuration cookies will be withheld on cross-site requests (such as calls to load images or frames) but sent when a user navigates to the URL from an external site for example, by following a link ( SameSite=Lax). This is because recently Mozilla changed the SameSite Cookie behavior on Firefox to be a bit more strict. Note that you will need to close all instances of Chrome that are running before executing the following commands: You can mention flags that you need to disable on your terminal. The flags #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure have been removed from chrome://flags as of Chrome 91, as the behavior is now enabled by default. You may need to restart your browser to apply the new setting. Chrome 90 and earlier versions ĭisable the default SameSite Cookies behavior in Chrome by setting the "SameSite by default cookies" flag chrome://flags/#same-site-by-default-cookies to Disabled. To check your current Google Chrome version: click on the three dots menu > Help > About Google Chrome > Your Chrome version number will be displayed. There are a few things that you could do if you're using Chrome and the problem persists: Disable SameSite by Default Cookies The settings will be automatically updated by tabbing out of that. There you can add the URLs that you want to grant access. Then go to Access from the menu on the left and scroll down to see the CORs whitelist option. When you login to your instance, click on the apps icon and search for System Setting application. There's a CORs whitelist option that can be configured to add other URLs besides the current one and allow that DHIS2 application instance. In a DHIS2 instance, by default only web applications that are running on the same URL can access that DHIS2 instance. If you run into Cross-Origin Resource Sharing (CORs) policy issues when connecting to your server, you could start with the CORs whitelist. If you encounter some errors when trying to connect to your application or during development, please try the following troubleshooting steps: CORs whitelist
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |