Oxygen Web Author doesn't work with NodeJS reverse proxy
Posted: Thu Jan 24, 2019 4:21 pm
I've been trying and failing to integrate Oxygen Web Author (version 20.1.1) into a NodeJS CMS I'm building.
As I want to embed the editor as an iframe, I had to set up a reverse proxy to make sure everything comes from the same origin (it's also handy for https). However when I try to load a document, it fails with the following error:
This is caused by the JSON response from the OWA REST interface being passed on a string rather than being parsed. The reason for that is that the REST handling code doesn't recognise the content type header in the response as JSON, even though content type is application/json; charset=utf-8.
Here's the code snippet that fails:
Clearly application/json; charset=utf-8 satisfies none of these criteria, but it is a completely valid value and should be recognised as a JSON content type.
Unfortunately I can't switch off the sending of the extra charset parameter for proxied content in NodeJS, as it's been put there to solve a security vulnerability (described here.
Can you please fix this issue?
As I want to embed the editor as an iframe, I had to set up a reverse proxy to make sure everything comes from the same origin (it's also handy for https). However when I try to load a document, it fails with the following error:
Code: Select all
Uncaught TypeError: Cannot read property 'substring' of undefined
at sync.support.AuthorEditingSupport.load (workspace-1b43487a4d.js:3222)
at sync.Editor.init (workspace-1b43487a4d.js:3562)
at sync.Editor.<anonymous> (workspace-1b43487a4d.js:3556)
at d.onFulfilled (workspace-1b43487a4d.js:766)
at Function.goog.Promise.invokeCallback_ (workspace-1b43487a4d.js:774)
at goog.Promise.executeCallback_ (workspace-1b43487a4d.js:773)
at goog.Promise.executeCallbacks_ (workspace-1b43487a4d.js:772)
at goog.async.run.processWorkQueue (workspace-1b43487a4d.js:752)
Here's the code snippet that fails:
Code: Select all
REST._isJSONMIME = function(contentType){
return contentType == "application/json"
|| (contentType.indexOf("application/") == 0
&& contentType.lastIndexOf("+json") == (contentType.length - 5));
}
Unfortunately I can't switch off the sending of the extra charset parameter for proxied content in NodeJS, as it's been put there to solve a security vulnerability (described here.
Can you please fix this issue?