Oxygen XML Forum

Hi,

I have an oxy_combobox with values that I am getting from an external XML file. The external URL is apparently causing some kind of security issue within Oxygen, and the XPath query is failing because of it. Here's a snippet of the line that's failing:
I am running Tomcat locally on port 8081 and hosting this file publicly (can access it via a browser and a direct XPath 2.0 query). But it fails in oxy_xpath in the CSS request with the following error:

[CSS]:XPath functions are evaluated with elevated permissions only when the source CSS is located in one of the frameworks or plugins directories. The problem was: access denied ("java.net.URLPermission" "http://localhost:8081/oxygen/DC/values.xml" "GET:")

Any ideas what the heck is going on? It kind of sounds like a cross-scripting issue, but I'm not sure. Any assistance would be greatly appreciated.

Hello,

At some point we've implemented a set of security measures. One of those measures restricts the CSS from connecting to a remote server when we can't guarantee its safety. First of all please make sure you are running the latest 17.1 build (2016031612) because we've fixed some issues specifically for your case. Here is what happens when a CSS connects to a remote location:
1.if this CSS is inside a framework directory then it will be able to connect
2.if the CSS is outside a framework directory, we will check the Trusted Hosts list (this part was added in build 2016031612) from Oxygen preferences and
- if the host is in that list we will allow the connection
- if the host is not in that list we will ask the user if he allows the connection

Best regards,
Alex

Awesome, that was it! I had a build from last December, so upgrading fixed my issue and allow me to add my host as an exception. Thanks!