Connections Version: 8 CR10
Operating System: RHEL 8.10
Hey everyone,
I have the following problem in Connections 8 CR10:
HCL LEAP is installed on the same WebSphere Cluster and configured correctly (Building surveys and applications works like a charm), but embedding in Connections doesn’t work, apparently because of CORS. But I don’t get why exactly. I get that in every browser I tested.
URL and scheme for LEAP and Connections is the same…
Some details:
Request Header:
GET /apps/secure/1/app/a49920ad-e533-462a-8558-20c918c66fb1/launch/index.html?form=F_Form1 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cache-Control: no-cache
Connection: keep-alive
Cookie: wfx_unq=smFU6bjxXPvdfIKh; ROLE_global-moderator=false; ROLE_metrics-report-run=true; ROLE_admin=true; ROLE_mail-user=false; X-IC-Preload=true; ROLE_invite-user=false; blogsUser=Florian Stahl; role=globalAdmin; lcAppRegLang=de-DE%2Cde%2Cen-US%2Cen; BAYEUX_BROWSER=9abaimt2nqpnw5zumd4c4udkuka; WASReqURL=https://connections.softwerk.de/social/; lconn.profiles.sametime.currentStatus=1; X-IC-Container-Token=connections.softwerk.de$11850ce352f977f109c92857bfdde44622848fc375e451cea6339629019a36e8; org.cometd.reload=%7B%22url%22%3A%22https%3A%2F%2Fconnections.softwerk.de%2Fpush%2Fform%2Fcomet%22%2C%22handshakeResponse%22%3A%7B%22ext%22%3A%7B%22channels%22%3A%7B%22news%22%3A%7B%22url%22%3A%22%2Fconnections%2Factivitystream%2Fresponses%2FD8BC5178-64C7-9ED6-C125-7AFE0033AD85%22%7D%2C%22filesync%22%3A%7B%22url%22%3A%22%2Fconnections%2Ffilesync%2FD8BC5178-64C7-9ED6-C125-7AFE0033AD85%22%7D%2C%22connections%22%3A%7B%22url%22%3A%22%2Fconnections%2FD8BC5178-64C7-9ED6-C125-7AFE0033AD85%22%7D%7D%2C%22messageAgeInHours%22%3A720%2C%22serviceconfig%22%3A%7B%22files%22%3A%5B%22http%3A%2F%2Fconnections.softwerk.de%2Ffiles%22%2C%22https%3A%2F%2Fconnections.softwerk.de%2Ffiles%22%5D%7D%7D%2C%22minimumVersion%22%3A%221.0%22%2C%22clientId%22%3A%22ppl1rzq4oj3yf1aam6a03336sa%22%2C%22supportedConnectionTypes%22%3A%5B%22callback-polling%22%2C%22long-polling%22%5D%2C%22advice%22%3A%7B%22incrementalSync%22%3Atrue%2C%22fullSync%22%3Afalse%7D%2C%22channel%22%3A%22%2Fmeta%2Fhandshake%22%2C%22id%22%3A%2212%22%2C%22version%22%3A%221.0%22%2C%22successful%22%3Atrue%2C%22reestablish%22%3Atrue%2C%22action%22%3A%22handshake%22%7D%2C%22transportType%22%3A%22long-polling%22%2C%22cookiePath%22%3A%22%2F%22%7D
Host: connections.softwerk.de
Pragma: no-cache
Referer: https://connections.softwerk.de/communities/service/html/communityoverview?communityUuid=0336fdce-4642-4650-898f-c2e82e2dd47a
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36
sec-ch-ua: "Not)A;Brand";v="8", "Chromium";v="138", "Google Chrome";v="138"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "macOS"
Response Header:
HTTP/1.1 200 OK
Server: nginx/1.14.1
Date: Wed, 16 Jul 2025 07:10:22 GMT
Content-Type: text/html
Content-Length: 6593
Connection: keep-alive
X-Powered-By: Servlet/3.0
Cache-Control: public,max-age=0,s-maxage=0
ETag: "GUpeJMjibAEsjo+ooCEm6gKboq4="
Content-Location: apps/secure/org/content/9.3.10.25/a49920ad-e533-462a-8558-20c918c66fb1/1752642505011-1/desktop/de/de/de/desktop/launch/index-secure.html?form=F_Form1
Content-Security-Policy: frame-ancestors 'none';
X-UA-Compatible: IE=EmulateIE8;IE=EmulateIE9;IE=EmulateIE10;IE=EmulateIE11
Vary: User-Agent
Content-Encoding: gzip
Content-Language: de-DE
Any ideas?
