This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable the Desktop Host "Discovery" Process in the Web Client

Go to answer
MikeBruckner
Star Collaborator
Star Collaborator

‎03-14-2023 12:52 PM

I'm currently working on our upgrade to OnBase 22.1, and was curious to see if anyone has found a way to disable the Desktop Host "discovery" process within the web client? 

 

For reference, the "discovery" process I'm referring to here is that upon logging into the web client, the user's browser will search for the desktop host by making a handful of calls to http[://]127.0.0.1/discovery (stopping early if the Desktop Host is actually installed and running).

 

This approach isn't dissimilar from other apps that have similar desktop host integrations, however, within our environment, when these calls are made, the Content Security Policy that we have configured on our web server blocks them. This effectively means that every time a user logs into the web client, we get 11 Content Security Policy violation reports.

 

We could of course add a CSP directive to allow these calls (for those in a similar position who ARE using the desktop host and have a Content Security Policy set, the directive you would need to add is: connect-src http://127.0.0.1:*/discovery), however, as a security best practice, I'd like to avoid adding anything to our CSP that we know is not (technically) needed within our environment at this time - if at all possible.

 

Thanks!
-Mike

Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
MikeBruckner
Star Collaborator
Star Collaborator

‎03-27-2023 07:26 AM

Hi Everyone,

 

Just to circle back and close the loop here for anyone who might be in the same situation as our organization...

 

In working with Support and R&D, it is currently not possible to disable the Desktop Host discovery process. The rationale here is that with OnBase 22.1, the Desktop Host has completely replaced the old ActiveX controls.

 

However, I did create an Idea, asking for the implementation of a new "switch" that will allow administrators to disable this discovery process: https://community.hyland.com/ideas/idea/89326-provide-the-ability-to-disable-the-web-client-desktop-...

 

For now though, the options are either to (A) add the necessary "connect-src" directive (connect-src http://127.0.0.1:*/discovery or, this can also be limited to the specific ports [these currently appear to be 9938 -9949]), or (B) leave the directive off of the CSP, with the understanding that each user who logs in will end up sending a series of CSP reports.

 

Thanks!

-Mike

View answer in original post

13 REPLIES 13

Go to answer
aboucher
Community Manager
Community Manager

‎03-16-2023 07:59 AM

Hi @Mike Bruckner,

 

I am reaching out to our Authentication and Security team to provide some advice to answer your question.  We will get back to you as soon as we have information or subsequent questions. 

  

Meanwhile, this question is still open for all other community members to provide a potential solution. 

 

Thanks, 

~Alan 

Go to answer
aboucher
Community Manager
Community Manager

‎03-16-2023 09:43 AM

Hi @Mike Bruckner,

 

We suggest that you Create a Support Case with FLOS (first line of support) so that a Support person can work directly with you and R&D to determine if this can be done or this would require an enhancement request.

 

Meanwhile, this question is still open for all other community members to provide a potential solution. 

 

Thanks!

~Alan

0 Kudos

Go to answer
MikeBruckner
Star Collaborator
Star Collaborator
In response to aboucher

‎03-16-2023 03:56 PM

Hi @Alan Boucher,

 

Thanks so much for your help in pointing me in the right direction!

 

That sounds good -- I will reach out to my FLOS and see what they come back with.

 

I'll circle back here to this post with our findings, just in case they end up being helpful for anyone else.

 

Thanks!
-Mike

0 Kudos

Go to answer
MikeBruckner
Star Collaborator
Star Collaborator

‎03-27-2023 07:26 AM

Hi Everyone,

 

Just to circle back and close the loop here for anyone who might be in the same situation as our organization...

 

In working with Support and R&D, it is currently not possible to disable the Desktop Host discovery process. The rationale here is that with OnBase 22.1, the Desktop Host has completely replaced the old ActiveX controls.

 

However, I did create an Idea, asking for the implementation of a new "switch" that will allow administrators to disable this discovery process: https://community.hyland.com/ideas/idea/89326-provide-the-ability-to-disable-the-web-client-desktop-...

 

For now though, the options are either to (A) add the necessary "connect-src" directive (connect-src http://127.0.0.1:*/discovery or, this can also be limited to the specific ports [these currently appear to be 9938 -9949]), or (B) leave the directive off of the CSP, with the understanding that each user who logs in will end up sending a series of CSP reports.

 

Thanks!

-Mike

Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC