Genesys Cloud - Developer Community!

CORS for local embedded framework

  • 1.  CORS for local embedded framework

    Posted 12-10-2025 05:44

    Hello.

    I'm working with the embedded client. For development, I use framework.js, which is located at https://localhost/framework.js.
    Recently, I noticed that framework.js is unavailable with the error:
    Access to script at 'https://localhost/framework.js' from origin 'https://apps.mypurecloud.ie' has been blocked by CORS policy: Permission was denied for this request to access the 'unknown' address space.
    In developer tools, I see:
    Request URL: https://localhost/framework.js
    Referrer Policy: strict-origin-when-cross-origin

    Which is pretty clear. What are the solutions for this problem?

    Best regards,
    Igor


    #EmbeddableFramework

    ------------------------------
    Igor Varshavsky
    ------------------------------


  • 2.  RE: CORS for local embedded framework

    Posted 12-10-2025 07:59

    Hello @Igor Varshavsky, greetings from Brazil!

    The error you are getting is not caused by traditional CORS. Chrome and Edge have started enforcing Private Network Access (PNA), which blocks any attempt to load local scripts (https://localhost/...) from a public origin such as https://apps.mypurecloud.ie. This block happens before the request is even sent, so configuring CORS headers does not solve it. This is a browser limitation, not a Genesys Cloud one.

    The possible solutions are:

    1. Host framework.js on a valid public domain (CDN, corporate subdomain, etc.).

    2. Use a public reverse proxy to reach your local environment.

    3. Run the complete development environment locally, avoiding the public origin.

    4. Optionally, in a development environment, start Chrome with --disable-features=BlockInsecurePrivateNetworkRequests (not supported for production).

    A scenario similar to yours: dns - CORS error: "Permission was denied for this request to access the unknown address space" only inside office network (Chrome PNA block?) - Stack Overflow



    ------------------------------
    Fernando Sotto dos Santos
    Consultor Grupo Casas Bahia
    ------------------------------



  • 3.  RE: CORS for local embedded framework

    Posted 12-10-2025 08:19

    Ola Fernando.

    Thanks for the reply.

    Of course, I can host framework.js on a corporate server, but how will the embedded client access it?

    I'm currently using the URL https://apps.mypurecloud.ie/crm/index.html?crm=framework-local-secure, which assumes https://localhost.

    Best regards



    ------------------------------
    Igor Varshavsky
    ------------------------------



  • 4.  RE: CORS for local embedded framework

    Posted 12-10-2025 08:32

    The Embeddable Client does not access framework.js on its own. The script is loaded by your own CRM page, inside the iframe.
    In other words, there is no technical dependency in Genesys Cloud that requires the use of "https://localhost".

    If you move framework.js to a corporate server (for example, https://dev.mycompany.com/framework.js), you just need to update the reference in your CRM application:

    <script src="https://dev.mycompany.com/framework.js"></script>

    The Embeddable Client will keep working normally, because it only renders your application, and the browser downloads the script from the URL you defined.

    The current problem occurs because modern browsers block local scripts when they are loaded from a public domain. By serving the file from a public domain that you control, the block goes away and the framework loads without restrictions.



    ------------------------------
    Fernando Sotto dos Santos
    Consultor Grupo Casas Bahia
    ------------------------------



  • 5.  RE: CORS for local embedded framework

    Posted 12-10-2025 08:47

    So you mean I should specify in my app:
    <script src="https://dev.mycompany.com/framework.js"></script>
    <iframe src="https://apps.mypurecloud.ie/crm/index.html?crm=framework-local-secure&amp" ></iframe>
    And that way https://apps.mypurecloud.ie/ won't access localhost?



    ------------------------------
    Igor Varshavsky
    ------------------------------



  • 6.  RE: CORS for local embedded framework

    Posted 12-10-2025 09:24

    Yes, that is the correct flow. The Embeddable Client does not access framework.js directly. It simply loads your CRM application inside the iframe. It is your CRM page that loads the script. If you change:

    <script src="https://localhost/framework.js"></script>

    to:

    <script src="https://dev.mycompany.com/framework.js"></script>

    then the browser will fetch the file from that public domain, and no longer from localhost. That way, apps.mypurecloud.ie stops trying to access private addresses, which eliminates the security block.

    Some supporting links:

    https://developer.genesys.cloud/authorization/platform-auth/cors

    Fetch Standard



    ------------------------------
    Fernando Sotto dos Santos
    Consultor Grupo Casas Bahia
    ------------------------------



  • 7.  RE: CORS for local embedded framework

    Posted 12-11-2025 01:00
    Edited by Igor Varshavsky 12-11-2025 01:02

    Ah, Fernando!

    If everything were so simple and obvious, the world would be simpler but more boring.
    I don't have code like this: <script src="https://localhost/framework.js"></script>, so there's no way to change it.

    Best regards



    ------------------------------
    Igor Varshavsky
    ------------------------------



  • 8.  RE: CORS for local embedded framework

    Posted 30 days ago

    Is no one developing an embedded framework?



    ------------------------------
    Igor Varshavsky
    ------------------------------



  • 9.  RE: CORS for local embedded framework

    Posted 30 days ago
    Edited by Jerome Saint-Marc 30 days ago

    Hello,

    I don't work on Embeddable Framework and hadn't used it for a while. But I tried the purecloud-embeddable-framework-example earlier today and faced the same issue (CORS error on localhost/framework.js). As mentioned in one of the links in this post, I think it is related to the introduction of Local Network Access permissions in Chrome (version 142 and above).

    I didn't get a pop-up from Chrome. And I didn't manage to make it work by adding an allow="local-network-access mypurecloud.ie cloudfront.net" permission on the iframe in example.html. But I haven't spent a lot of time on this.

    So, as a temporary workaround, I used one of the approaches mentioned somewhere, disabling the local network access check in Chrome via flags -> "chrome://flags/#local-network-access-check" (setting it to Disabled).

    If you haven't done it already, I'd recommend opening a ticket with Customer Care to report the issue so they can reach out to the Embeddable Framework team to investigate this (Local Embeddable Framework Development - Inability to load framework.js from localhost, due to CORS error, with Chrome >= version 142. Possibly due to the introduction of Local Network Access Check in Chrome).

    Regards,



    ------------------------------
    Jerome Saint-Marc
    Senior Development Support Engineer
    ------------------------------



  • 10.  RE: CORS for local embedded framework
    Best Answer

    Posted 30 days ago

    My mistake on trying to make this work. No need to disable local-network-access-check flag in chrome.

    I added the permission in the iframe. I hadn't noticed I already had an allow value.

    I mean I had this before:

    <iframe id="softphone" allow="camera *; microphone *" src="https://apps.mypurecloud.ie/crm/index.html?crm=framework-local-secure"></iframe>

    Which I changed to:

    <iframe id="softphone" allow="camera *; microphone *; local-network-access *" src="https://apps.mypurecloud.ie/crm/index.html?crm=framework-local-secure"></iframe>
    And this allowed me to load the framework.js (after a pop-up from Chrome, the first time).
    Regards,


    ------------------------------
    Jerome Saint-Marc
    Senior Development Support Engineer
    ------------------------------



  • 11.  RE: CORS for local embedded framework

    Posted 30 days ago

    Thank you, Jerome Saint-Marc.

    I added local-network-access https://apps.mypurecloud.com to the iframe allow. Now it works fine.

    Best regards,
    Igor



    ------------------------------
    Igor Varshavsky
    ------------------------------
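
An added example, not part of any post in the thread and not Genesys code: a small checker for the iframe `allow` values quoted in posts 9 to 11 that reports whether `local-network-access` reaches the frame's origin and whether it is granted with a wildcard. The function names and the `parentOrigin` parameter are hypothetical, and `https://*.host` subdomain wildcards are not handled.

```javascript
// Added example: audit an iframe `allow` value for local-network-access.
const FEATURE = "local-network-access"; // feature name as written in the thread

// "camera *; microphone *" -> Map { "camera" => ["*"], "microphone" => ["*"] }
function parseAllow(allow) {
  const policy = new Map();
  for (const directive of allow.split(";")) {
    const [feature, ...list] = directive.trim().split(/\s+/).filter(Boolean);
    if (!feature) continue;
    // In an iframe allow attribute, a feature with no allowlist means 'src'.
    policy.set(feature.toLowerCase(), list.length ? list : ["'src'"]);
  }
  return policy;
}

// Allowlist entries are origins (scheme://host[:port]); a bare hostname is not.
function tokenOrigin(token) {
  try {
    const origin = new URL(token).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// parentOrigin (hypothetical parameter) is the embedding page, used for 'self'.
function auditFrame(allow, src, parentOrigin = null) {
  const frameOrigin = new URL(src).origin;
  const result = { granted: false, wildcard: false, ignored: [] };
  const list = parseAllow(allow).get(FEATURE);
  if (!list || list.includes("'none'")) return result;
  for (const token of list) {
    if (token === "*") result.granted = result.wildcard = true;
    else if (token === "'src'") result.granted = true;
    else if (token === "'self'") {
      if (parentOrigin === frameOrigin) result.granted = true;
    } else {
      const origin = tokenOrigin(token);
      if (origin === null) result.ignored.push(token); // not a valid origin
      else if (origin === frameOrigin) result.granted = true;
    }
  }
  return result;
}

// iframe src taken from the thread; the allow string is the one from post 10.
const SRC = "https://apps.mypurecloud.ie/crm/index.html?crm=framework-local-secure";
console.log(auditFrame("camera *; microphone *; local-network-access *", SRC));
```

A `wildcard: true` result means the grant applies to whatever origin the frame ends up on; listing only the embedded origin keeps it narrower.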