Page 1 of 1

Cross-Domain Request Support

Posted: Wed Jun 27, 2018 2:02 pm
by FuchsS

the documentation given on the epo homepage regarding Cross-Domain Request contains a complete example (in Chapter 3). This example (and any changes, I made to it), worked fine until the update to version 3.2. I changed all the URLs accordingly, which also work in a VFP-Script, I wrote. But testing the example, mentioned in the documentation, tells me that the source in the iframe "" doesn't exist. This is understandable, as version 3.1 reached its end of life, but simply changing the source to ".../3.2/xss/crossitescript.html" doesn't fix the problem.

Would it be possible to update your documentation with a working example?

Re: Cross-Domain Request Support

Posted: Fri Jun 29, 2018 7:10 am
by EPO / OPS Support

Please see the picture below. You need to use any tool that will allow adding your account credentials to set in order to open 3.2 documentation. We use POSTMAN, but there surely are many other tools that can do that.
I will also ask colleagues in charge to amend the PDF document on Cross-domain requests support. I will let you know when the new version will be available

Vesna for OPS

Re: Cross-Domain Request Support

Posted: Thu Jul 05, 2018 3:24 pm
by FuchsS
As suggested, I downloaded POSTMAN and generated a request using Basic Authentication and my OPS credentials. When trying a GET-Request for the url "" I get the response body, as shown in the screenshot. I will try to embed the code seen in the Response-Body into my existing code.

Thank you for the quick reply and help!

Re: Cross-Domain Request Support

Posted: Mon Aug 20, 2018 3:15 pm
by dev-info
hello, i try to use your example in my code, but i have all the time 403 response... but my headers is set
this is my code:

<iframe id="client" src="" />

<script type="text/javascript">
// cross request ///
var client = document.getElementById('client');

window.onload = function(){

var data = "{'url' : ' ... 000/biblio',"+ "'method' : 'GET', "+ "'requestHeaders' : {'Accept': 'application/json', 'Authorization': 'Basic *****************='} }";

client.contentWindow.postMessage(data, '');

function receiveMessage(event){

if (event.origin == "") {
var dataJSON = eval('(' + + ')');
console.log('data received: ', dataJSON);
//Now let's get some data using JSONP
} else {
alert("Got message from unknown source.");

function getJSONP(){
headers : {
'Authorization' : 'Basic *****************=',
'Accept': 'application/json',
var sUrl = ' ... 000000/.js'+ '?callback=?';

jQuery.getJSON(sUrl, function(oData) {
console.log('jsonp data received: ', oData);

do you think can you help me?
with postman that work fine, but not like that, i don't understand..
Thank you

Re: Cross-Domain Request Support

Posted: Tue Aug 21, 2018 6:21 am
by EPO / OPS Support

Code 403 tells you that your credentials are not set properly, it seems like you are using token whereas I am only using my OPS account credentials in my POSTMAN screen. Maybe someone can tell you how they did it? In the meantime, we are looking for a way to look at those documents in a simpler way, without OPS login.

Let's see if anyone reading this will offer you some advice on how they did it,

Vesna for OPS support

Re: Cross-Domain Request Support

Posted: Tue Aug 21, 2018 7:22 am
by dev-info
Yes in postman that work really great. I use the same authentication to you (username and password like that it's: "Basic ***base64*****=" . But for integred it, the iframe send request without authentication, so, response is only 403.
I tried to send before setup header with authentication, but that no worked too...

Thank you to your response :)