This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Disable the Desktop Host "Discovery" Process in the Web Client

Go to answer
MikeBruckner
Star Collaborator
Star Collaborator

‎03-14-2023 12:52 PM

I'm currently working on our upgrade to OnBase 22.1, and was curious to see if anyone has found a way to disable the Desktop Host "discovery" process within the web client? 

 

For reference, the "discovery" process I'm referring to here is that upon logging into the web client, the user's browser will search for the desktop host by making a handful of calls to http[://]127.0.0.1/discovery (stopping early if the Desktop Host is actually installed and running).

 

This approach isn't dissimilar from other apps that have similar desktop host integrations, however, within our environment, when these calls are made, the Content Security Policy that we have configured on our web server blocks them. This effectively means that every time a user logs into the web client, we get 11 Content Security Policy violation reports.

 

We could of course add a CSP directive to allow these calls (for those in a similar position who ARE using the desktop host and have a Content Security Policy set, the directive you would need to add is: connect-src http://127.0.0.1:*/discovery), however, as a security best practice, I'd like to avoid adding anything to our CSP that we know is not (technically) needed within our environment at this time - if at all possible.

 

Thanks!
-Mike

Labels:
0 Kudos
1 ACCEPTED ANSWER

Go to answer
MikeBruckner
Star Collaborator
Star Collaborator

‎03-27-2023 07:26 AM

Hi Everyone,

 

Just to circle back and close the loop here for anyone who might be in the same situation as our organization...

 

In working with Support and R&D, it is currently not possible to disable the Desktop Host discovery process. The rationale here is that with OnBase 22.1, the Desktop Host has completely replaced the old ActiveX controls.

 

However, I did create an Idea, asking for the implementation of a new "switch" that will allow administrators to disable this discovery process: https://community.hyland.com/ideas/idea/89326-provide-the-ability-to-disable-the-web-client-desktop-...

 

For now though, the options are either to (A) add the necessary "connect-src" directive (connect-src http://127.0.0.1:*/discovery or, this can also be limited to the specific ports [these currently appear to be 9938 -9949]), or (B) leave the directive off of the CSP, with the understanding that each user who logs in will end up sending a series of CSP reports.

 

Thanks!

-Mike

View answer in original post

13 REPLIES 13

Go to answer
Avinash_Mittapa
Champ on-the-rise
Champ on-the-rise
In response to Avinash_Mittapa

‎10-20-2023 09:39 AM

Hi @Adam Shane 

 

I verified desktop host service and printer spooler service are running and we removed load services on start up line to be able to start desktop host service and while we try to launch web client after a workstation reboot, we still get same error and found error in console from browser developer tools.

 

Do we need to modify anything at workstation or network level or desktop host config level to resolve this.

do we have to comment idp part from line 11 to 20 in config file since we dont have idp module.

1d1264bd68cf44e699662bdb15383df4 

0 Kudos

Go to answer
AdamShaneHyland
Employee
Employee
In response to Avinash_Mittapa

‎10-23-2023 06:23 AM

Hi @Avinash Mittapalli ,

 

You could confirm if you have the Desktop Host Gateway whitelisted within the config.json (i.e. C:\ProgramData\Hyland\DesktopHost\bin).

 

ffbc0a8fc2554f0ba5715394211de855

 

If this doesn't work, then I would recommend working with your first line of support for further assistance.

 

Take care.

0 Kudos

Go to answer
Avinash_Mittapa
Champ on-the-rise
Champ on-the-rise
In response to Avinash_Mittapa

‎10-23-2023 07:50 AM

Hi @Adam Shane 
Thanks for the inputs!

I added this in whitelist address and able to get rid of no-cors issue, but still getting message while i access web client and console showing discovery error. i added web server ip:8080 and web client url. am i supposed to only have 1287.0.0.1:8080 in whitelist addresses. 

0 Kudos

Go to answer
AdamShaneHyland
Employee
Employee
In response to Avinash_Mittapa

‎10-23-2023 08:26 AM

Hi @Avinash Mittapalli ,

 

You would need to have 127.0.0.1:8080 since the Desktop Host Gateway is running locally.  However, I can't say that you would ONLY need this address for it to work.

 

Take care.

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC