03-14-2023 12:52 PM
I'm currently working on our upgrade to OnBase 22.1, and was curious to see if anyone has found a way to disable the Desktop Host "discovery" process within the web client?
For reference, the "discovery" process I'm referring to here is that upon logging into the web client, the user's browser will search for the desktop host by making a handful of calls to http[://]127.0.0.1/discovery (stopping early if the Desktop Host is actually installed and running).
This approach isn't dissimilar from other apps that have similar desktop host integrations, however, within our environment, when these calls are made, the Content Security Policy that we have configured on our web server blocks them. This effectively means that every time a user logs into the web client, we get 11 Content Security Policy violation reports.
We could of course add a CSP directive to allow these calls (for those in a similar position who ARE using the desktop host and have a Content Security Policy set, the directive you would need to add is: connect-src http://127.0.0.1:*/discovery), however, as a security best practice, I'd like to avoid adding anything to our CSP that we know is not (technically) needed within our environment at this time - if at all possible.
Thanks!
-Mike
03-27-2023 07:26 AM
Hi Everyone,
Just to circle back and close the loop here for anyone who might be in the same situation as our organization...
In working with Support and R&D, it is currently not possible to disable the Desktop Host discovery process. The rationale here is that with OnBase 22.1, the Desktop Host has completely replaced the old ActiveX controls.
However, I did create an Idea, asking for the implementation of a new "switch" that will allow administrators to disable this discovery process: https://community.hyland.com/ideas/idea/89326-provide-the-ability-to-disable-the-web-client-desktop-...
For now though, the options are either to (A) add the necessary "connect-src" directive (connect-src http://127.0.0.1:*/discovery or, this can also be limited to the specific ports [these currently appear to be 9938-9949]), or (B) leave the directive off of the CSP, with the understanding that each user who logs in will end up sending a series of CSP reports.
Thanks!
-Mike
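For option (B) above, a report collector can separate the expected discovery violations from everything else, and for option (A) the port-limited source list can be generated rather than typed. The Python below is an added example, not part of the original post or of OnBase; it assumes legacy `report-uri` style JSON reports, takes the 9938-9949 range from the post as given, and its function names and sample reports are constructed for illustration.

```python
from urllib.parse import urlsplit

# Port range quoted in the post above ("currently appear to be 9938-9949").
DISCOVERY_PORTS = range(9938, 9950)

def discovery_sources(ports=DISCOVERY_PORTS):
    """Option (A): explicit per-port sources to merge into connect-src instead of ':*'."""
    return [f"http://127.0.0.1:{p}/discovery" for p in ports]

def is_discovery_report(report):
    """Option (B): True if a report is a blocked Desktop Host discovery call."""
    body = report.get("csp-report", {})
    directive = body.get("effective-directive") or body.get("violated-directive", "")
    if not directive.startswith("connect-src"):
        return False
    try:
        url = urlsplit(body.get("blocked-uri", ""))
        port = url.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Assumption: some browsers report only the origin of a blocked
    # cross-origin URL, so an empty path is accepted as well as /discovery.
    return (url.scheme == "http" and url.hostname == "127.0.0.1"
            and port in DISCOVERY_PORTS and url.path in ("", "/", "/discovery"))

def triage(reports):
    """Split reports into (expected discovery noise, everything else)."""
    noise, other = [], []
    for r in reports:
        (noise if is_discovery_report(r) else other).append(r)
    return noise, other

# Constructed sample reports, not captured from a real deployment.
SAMPLE_REPORTS = [
    {"csp-report": {"effective-directive": "connect-src",
                    "blocked-uri": "http://127.0.0.1:9938/discovery"}},
    {"csp-report": {"violated-directive": "connect-src 'self'",
                    "blocked-uri": "http://127.0.0.1:9949"}},
    {"csp-report": {"effective-directive": "connect-src",
                    "blocked-uri": "http://127.0.0.1:8080/discovery"}},
    {"csp-report": {"effective-directive": "connect-src",
                    "blocked-uri": "http://127.0.0.1:9940/admin"}},
    {"csp-report": {"effective-directive": "script-src-elem",
                    "blocked-uri": "https://cdn.example/x.js"}},
]

if __name__ == "__main__":
    noise, other = triage(SAMPLE_REPORTS)
    print("connect-src " + " ".join(discovery_sources()))
    print(f"{len(noise)} discovery reports suppressed, {len(other)} kept for review")
```

Loopback requests outside the listed ports or to a path other than /discovery stay in the review queue, so filtering the known noise does not hide other localhost connection attempts.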
10-20-2023 09:39 AM
Hi
I verified that the Desktop Host service and the printer spooler service are running, and we removed the load services on startup line to be able to start the Desktop Host service. When we try to launch the web client after a workstation reboot, we still get the same error, and we found an error in the console in the browser developer tools.
Do we need to modify anything at the workstation, network, or Desktop Host config level to resolve this?
Do we have to comment out the idp part from lines 11 to 20 in the config file, since we don't have the idp module?
10-23-2023 06:23 AM
Hi
You could confirm if you have the Desktop Host Gateway whitelisted within the config.json (i.e. C:\ProgramData\Hyland\DesktopHost\bin).
If this doesn't work, then I would recommend working with your first line of support for further assistance.
Take care.
10-23-2023 07:50 AM
Hi
Thanks for the inputs!
I added this to the whitelist addresses and was able to get rid of the no-cors issue, but I am still getting the message when I access the web client, and the console is showing a discovery error. I added the web server ip:8080 and the web client URL. Am I supposed to only have 127.0.0.1:8080 in the whitelist addresses?
10-23-2023 08:26 AM
Hi
You would need to have 127.0.0.1:8080 since the Desktop Host Gateway is running locally. However, I can't say that you would ONLY need this address for it to work.
Take care.