Primeface openDialog not opening with nginx

[nicodemous]

I am using the primeface dialog-framework for nested dialogs. The page is running on Wildfly 10 and as long I access the wildfly-server the dialog-framework is working. If I put the wildfly behind nginx and redirect from the main-page to the wildfly the dialog-framework doesn't work any more. The standard-dialog are working fine.

Redirect-Rule for nginx:

Code: Select all

        
upstream wildfly {
       server 127.0.0.1:28080;
}

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.php;

        server_name www.xxxxxxxxxxxxx.eu;
        return 301 https://www.xxxxxxxxxxxxxxxx.eu$request_uri;
}

server {

        # SSL configuration

        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        server_name www.xxxxxxxxxx.eu;
        include snippets/ssl-xxxxxxxxxxxxxx.eu.conf;
        include snippets/ssl-params.conf;
        root /var/www/html;
        index index.html index.htm index.php;

        location / {
                try_files $uri $uri/ index.php;
        }

        location /showcase-6.1 {
           proxy_pass  http://wildfly;
           proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
           proxy_redirect off;

           proxy_set_header    Host            $host;
           proxy_set_header    X-Real-IP       $remote_addr;
           proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header    X-Forwarded-Proto https;
        }

# proxy_redirect http://127.0.0.1:28080 http://www.xxxxxxxxxxxxxxxx.eu;


        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        # Zugriff auf Roundcube Logs, sollte von außerhalb nicht möglich sein
        location ^~ /data {
                deny all;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_read_timeout 630;
                fastcgi_keep_conn on;
                # Dient ViMbAdmin, da Nginx keine htaccess-Datei einlesen wird
                fastcgi_param APP_ENV production;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        }
        location /admin {
                # Rewrite fix für ViMbAdmin
                try_files $uri $uri/ /admin/index.php?$args;
        }
        location ~ /\.ht {
                deny all;
        }
        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }
        # Keine Notwendigkeit
        location = /robots.txt {
                deny all;
                log_not_found off;
                access_log off;
        }
}

Update: Same issue happens with the showcase-6.1. Only Chrome-Console displays an issue:

Code: Select all

    nested.xhtml:1 Refused to display 'https://www.xxxxxxxxxxxx.xx/showcase-6.1/ui/df/level1.xhtml?pfdlgcid=e155e9aa-afef-4cb3-89e8-90c341577e09' in a frame because it set 'X-Frame-Options' to 'deny'.
    jquery.js.xhtml?ln=primefaces&v=6.1:25 Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://www.xxxxxxxxxxxxxxx.eu" from accessing a cross-origin frame.
        at contents (https://www.xxxxxxxxxxxx.eu/showcase-6.1/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=6.1:25:25119)
        at Function.map (https://www.xxxxxxxxxxxx.eu/showcase-6.1/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=6.1:14:4198)
        at bH.fn.init.bH.fn.(anonymous function) [as contents] (https://www.xxxxxxxxxx.xx/showcase-6.1/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=6.1:25:25238)
        at HTMLIFrameElement.<anonymous> (https://www.xxxxxxxxxx.xx/showcase-6.1/javax.faces.resource/components.js.xhtml?ln=primefaces&v=6.1:1:1578)
        at HTMLIFrameElement.dispatch (https://www.xxxxxxxxxx.xx/showcase-6.1/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=6.1:25:41037)
        at HTMLIFrameElement.cd.handle (https://www.xxxxxxxxxx.xx/showcase-6.1/javax.faces.resource/jquery/jquery.js.xhtml?ln=primefaces&v=6.1:25:37181)
    contents @ jquery.js.xhtml?ln=primefaces&v=6.1:25
    map @ jquery.js.xhtml?ln=primefaces&v=6.1:14
    bH.fn.(anonymous function) @ jquery.js.xhtml?ln=primefaces&v=6.1:25
    (anonymous) @ components.js.xhtml?ln=primefaces&v=6.1:1
    dispatch @ jquery.js.xhtml?ln=primefaces&v=6.1:25
    cd.handle @ jquery.js.xhtml?ln=primefaces&v=6.1:25

Nic

[nehakakar]

When you're trying to display content from a different origin in an iframe or frame, these security measures can prevent the content from being displayed.
Here's a rough example of how you can set these headers in Wildfly's configuration files,
but you should adapt it according to your need..

Code: Select all

<!-- In your standalone.xml or domain.xml -->
<subsystem xmlns="urn:jboss:domain:undertow:10.0" ...>
    ...
    <server name="default-server">
        ...
        <host name="default-host" ...>
            ...
            <!-- Configure response headers -->
            <filters>
                <response-header name="X-Frame-Options" header-name="X-Frame-Options" header-value="SAMEORIGIN"/>
                <response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
                <!-- Adjust the above header values as needed -->
                ...
            </filters>
        </host>
    </server>
</subsystem>

Verify your URL manually or Use browser developer tools to inspect network requests and redirects or use any online tool like redirect checker  This can help you to get detail redirection chain and its status code.