Smart App issue bug or working as intended?

So I’m trying to get my web app working with OpenEMR via the smart app feature and I’m running into an issue where my app is being blocked because of a cross-origin issue, since a smart app opens in an iframe.

Has anyone gotten a smart app working successfully? I think this might be a bug because not all apps are going to be hosted on the same domain.

In my desperate attempt to get it working I edited my openemr.conf and added this:

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, X-Auth-Token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "86400"

RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

But that didn’t get me the result I was hoping for, so is this a bug or am I doing something wrong?

Console errors for context:

browser-ponyfill.js:518 GET http://localhost/apis/default/fhir/metadata 500 (Internal Server Error)
(anonymous) @ browser-ponyfill.js:518
fetch @ browser-ponyfill.js:455
request @ lib.js:143
getAndCache @ lib.js:219
fetchConformanceStatement @ lib.js:237
getSecurityExtensionsFromConformanceStatement @ smart.js:65
getSecurityExtensions @ smart.js:153
authorize @ smart.js:336
async function (async)
authorize @ smart.js:283
authorize @ BrowserAdapter.js:152
(anonymous) @ Launch.js:11
invokePassiveEffectCreate @ react-dom.development.js:23487
callCallback @ react-dom.development.js:3945
invokeGuardedCallbackDev @ react-dom.development.js:3994
invokeGuardedCallback @ react-dom.development.js:4056
flushPassiveEffectsImpl @ react-dom.development.js:23574
unstable_runWithPriority @ scheduler.development.js:646
runWithPriority$1 @ react-dom.development.js:11276
flushPassiveEffects @ react-dom.development.js:23447
(anonymous) @ react-dom.development.js:23324
workLoop @ scheduler.development.js:590
flushWork @ scheduler.development.js:545
performWorkUntilDeadline @ scheduler.development.js:157
browser-ponyfill.js:518 GET http://localhost/apis/default/fhir/.well-known/smart-configuration 500 (Internal Server Error)
(anonymous) @ browser-ponyfill.js:518
fetch @ browser-ponyfill.js:455
request @ lib.js:143
getAndCache @ lib.js:219
fetchWellKnownJson @ smart.js:36
getSecurityExtensionsFromWellKnownJson @ smart.js:47
getSecurityExtensions @ smart.js:148
authorize @ smart.js:336
async function (async)
authorize @ smart.js:283
authorize @ BrowserAdapter.js:152
(anonymous) @ Launch.js:11
invokePassiveEffectCreate @ react-dom.development.js:23487
callCallback @ react-dom.development.js:3945
invokeGuardedCallbackDev @ react-dom.development.js:3994
invokeGuardedCallback @ react-dom.development.js:4056
flushPassiveEffectsImpl @ react-dom.development.js:23574
unstable_runWithPriority @ scheduler.development.js:646
runWithPriority$1 @ react-dom.development.js:11276
flushPassiveEffects @ react-dom.development.js:23447
(anonymous) @ react-dom.development.js:23324
workLoop @ scheduler.development.js:590
flushWork @ scheduler.development.js:545
performWorkUntilDeadline @ scheduler.development.js:157
smart.js:123 Uncaught (in promise) Error: Failed to fetch the conformance statement from "http://localhost/apis/default/fhir/metadata". HttpError: 500 Internal Server Error
URL: http://localhost/apis/default/fhir/metadata; Failed to fetch the well-known json "http://localhost/apis/default/fhir/.well-known/smart-configuration". 500 Internal Server Error
URL: http://localhost/apis/default/fhir/.well-known/smart-configuration
    at onError (smart.js:123)
Uncaught DOMException: Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.
    at SizeModaliFrame (http://localhost/library/dialog.js?v=62:803:118)
    at http://localhost/library/dialog.js?v=62:583:29

Apache error log:

[Thu Mar 25 16:35:27.691620 2021] [ssl:warn] [pid 126] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 16:35:27.691632 2021] [ssl:warn] [pid 126] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.224.3. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 25 16:35:27.703221 2021] [ssl:warn] [pid 126] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 16:35:27.703230 2021] [ssl:warn] [pid 126] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
[Thu Mar 25 16:35:27.704730 2021] [mpm_prefork:notice] [pid 126] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1j configured -- resuming normal operations
[Thu Mar 25 16:35:27.704744 2021] [core:notice] [pid 126] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 25 17:03:28.712485 2021] [php7:error] [pid 128] [client 192.168.224.1:53488] PHP Fatal error:  Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n  thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:03:28.713269 2021] [php7:error] [pid 131] [client 192.168.224.1:53486] PHP Fatal error:  Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n  thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:24:39.382913 2021] [ssl:warn] [pid 16] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 17:24:39.382926 2021] [ssl:warn] [pid 16] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.224.3. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 25 17:24:39.395312 2021] [ssl:warn] [pid 16] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 17:24:39.395324 2021] [ssl:warn] [pid 16] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
[Thu Mar 25 17:24:39.395414 2021] [core:warn] [pid 16] AH00098: pid file /run/apache2/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Mar 25 17:24:39.396840 2021] [mpm_prefork:notice] [pid 16] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1j configured -- resuming normal operations
[Thu Mar 25 17:24:39.396860 2021] [core:notice] [pid 16] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 25 17:27:57.853651 2021] [php7:error] [pid 24] [client 192.168.224.1:53974] PHP Fatal error:  Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n  thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:27:57.854716 2021] [php7:error] [pid 25] [client 192.168.224.1:53978] PHP Fatal error:  Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n  thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:33:48.380008 2021] [php7:error] [pid 18] [client 192.168.224.1:54098] PHP Fatal error:  Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n  thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:33:48.380008 2021] [php7:error] [pid 20] [client 192.168.224.1:54100] PHP Fatal error:  Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n  thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/

The browser says one thing and Apache says another, and I’m all like :upside_down_face: :rofl:

Thanks.

This appears to be (or may be) a bug in dialog when trying to fetch screen sizes from the iframe content.

let idoc = e.currentTarget.contentDocument ? e.currentTarget.contentDocument : e.currentTarget.contentWindow.document;

This is for auto-sizing the dialog.
library/dialog.js L-803

Try setting a trap on that line and defaulting to the passed-in height.

We may need to rethink.
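The trap-and-default idea from the reply above, as an added example (not OpenEMR's dialog.js): for a cross-origin iframe `contentDocument` is null, so the ternary falls through to `contentWindow.document`, which is the access that throws. The function names and the stand-in frame objects are hypothetical and constructed so the block runs without a browser.

```javascript
// Added example; getFrameDocument and resolveFrameHeight are hypothetical names.

// Return the embedded document, or null when the frame is cross-origin.
// Only the browser's SecurityError is swallowed; anything else is re-thrown.
function getFrameDocument(frame) {
  try {
    return frame.contentDocument || frame.contentWindow.document || null;
  } catch (err) {
    if (err && err.name === "SecurityError") return null;
    throw err;
  }
}

// Measure same-origin content; otherwise use the height the caller passed in.
function resolveFrameHeight(frame, fallbackHeight) {
  const doc = getFrameDocument(frame);
  if (!doc || !doc.documentElement) {
    return { height: fallbackHeight, measured: false };
  }
  const bodyHeight = doc.body ? doc.body.scrollHeight : 0;
  const height = Math.max(doc.documentElement.scrollHeight, bodyHeight);
  return height > 0
    ? { height, measured: true }
    : { height: fallbackHeight, measured: false };
}

// Constructed stand-ins for a same-origin and a cross-origin iframe element.
const sameOriginFrame = {
  contentDocument: {
    documentElement: { scrollHeight: 640 },
    body: { scrollHeight: 600 },
  },
  contentWindow: {},
};
const crossOriginFrame = {
  contentDocument: null,
  contentWindow: {
    get document() {
      const e = new Error("Blocked a frame from accessing a cross-origin frame.");
      e.name = "SecurityError";
      throw e;
    },
  },
};

console.log(resolveFrameHeight(sameOriginFrame, 400));
console.log(resolveFrameHeight(crossOriginFrame, 400));
```
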

I’ll try that and report back, thanks @sjpadgett

[UPDATE]: I commented out a few lines of that code and hardcoded the values, and I still get the cross-origin error.

Okay, this is an issue and I’m unsure how to handle it at the moment; however, the iframe content sizing is also.
Here’s a fix for that, and I will look into handling cross-site in dialog.
dialog.js (32.5 KB)

Are you trying to resolve this?

@sjpadgett It seems that class is undefined :eyes:

That’s your real issue. Maybe your build is corrupted and the class map doesn’t include the include.
If you don’t get past there, then preflight (if needed) isn’t caught, etc.

For grins, try composer dump-autoload -o from the command line; otherwise, I don’t know, being Docker and all. (I rarely use it, thus I’m not very experienced with Docker.)

OK, so I just decided to run the docker-compose from the production folder and this seems to be working, but I’m still running into issues with smart app launching.

Now when I click on the launch button I get a 401 unauthorized error because the smart app is not passing the client id for some reason.

{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}

Browser console error with no client_id:

GET http://localhost/oauth2/default/authorize?response_type=code&client_id=&scope=openid%20email%20phone%20address%20api%3Aoemr%20api%3Afhir%20api%3Aport%20api%3Apofh%20launch%20offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fpatient%2F&aud=http%3A%2F%2Flocalhost%2Fapis%2Fdefault%2Ffhir&state=mrMTL9Dudif3lopl&launch=eyJwIjoiOTMwYWYxOGQtOTE3Yy00NGY2LWI4YzctZjdlMWYwMmUzNjZmIiwiaSI6InBhdGllbnQuZGVtb2dyYXBoaWNzLmRpYWxvZyJ9 401 (Unauthorized)

Apache error logs:

[Fri Mar 26 09:46:30.490316 2021] [ssl:warn] [pid 80] AH01906: 172.18.0.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 26 09:46:30.490326 2021] [ssl:warn] [pid 80] AH01909: 172.18.0.3:443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 172.18.0.3. Set the 'ServerName' directive globally to suppress this message
[Fri Mar 26 09:46:30.500379 2021] [ssl:warn] [pid 80] AH01906: 172.18.0.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Mar 26 09:46:30.500387 2021] [ssl:warn] [pid 80] AH01909: 172.18.0.3:443:0 server certificate does NOT include an ID which matches the server name
[Fri Mar 26 09:46:30.501530 2021] [mpm_prefork:notice] [pid 80] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1i configured -- resuming normal operations 
[Fri Mar 26 09:46:30.501543 2021] [core:notice] [pid 80] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Fri Mar 26 09:50:43.894158 2021] [php7:warn] [pid 85] [client 172.18.0.1:39114] PHP Warning:  implode(): Invalid arguments passed in /var/www/localhost/htdocs/openemr/src/RestControllers/AuthorizationController.php on line 271
[Fri Mar 26 09:53:12.824450 2021] [php7:notice] [pid 89] [client 172.18.0.1:39228] [2021-03-26T09:53:12.823871+00:00] OpenEMR.ERROR: ClientRepository->getClientEntity() no client found for identifier  {"client":""} [], referer: http://localhost:3000/
[Fri Mar 26 09:53:12.824844 2021] [php7:notice] [pid 89] [client 172.18.0.1:39228] [2021-03-26T09:53:12.824824+00:00] OpenEMR.ERROR: AuthorizationController->oauthAuthorizationFlow() OAuthServerException {"message":"Client authentication failed"} [], referer: http://localhost:3000/