So I’m trying to get my web app working with Open EMR via the smart app feature and I’m running into an issue where my app is being blocked because of a cross origin issue since a smart app opens in an iframe.
Has anyone gotten a smart app working successfully? I think this might be a bug because not all apps are going to be hosted on the same domain.
In my desperate attempt to get it working I edited my openemr.conf
and added this:
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, X-Auth-Token"
Header always set Access-Control-Expose-Headers "Content-Security-Policy, Location"
Header always set Access-Control-Max-Age "86400"
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
But that didn’t get me the result I was hoping for, so is this a bug or am I doing something wrong?
Console errors for context:
browser-ponyfill.js:518 GET http://localhost/apis/default/fhir/metadata 500 (Internal Server Error)
(anonymous) @ browser-ponyfill.js:518
fetch @ browser-ponyfill.js:455
request @ lib.js:143
getAndCache @ lib.js:219
fetchConformanceStatement @ lib.js:237
getSecurityExtensionsFromConformanceStatement @ smart.js:65
getSecurityExtensions @ smart.js:153
authorize @ smart.js:336
async function (async)
authorize @ smart.js:283
authorize @ BrowserAdapter.js:152
(anonymous) @ Launch.js:11
invokePassiveEffectCreate @ react-dom.development.js:23487
callCallback @ react-dom.development.js:3945
invokeGuardedCallbackDev @ react-dom.development.js:3994
invokeGuardedCallback @ react-dom.development.js:4056
flushPassiveEffectsImpl @ react-dom.development.js:23574
unstable_runWithPriority @ scheduler.development.js:646
runWithPriority$1 @ react-dom.development.js:11276
flushPassiveEffects @ react-dom.development.js:23447
(anonymous) @ react-dom.development.js:23324
workLoop @ scheduler.development.js:590
flushWork @ scheduler.development.js:545
performWorkUntilDeadline @ scheduler.development.js:157
browser-ponyfill.js:518 GET http://localhost/apis/default/fhir/.well-known/smart-configuration 500 (Internal Server Error)
(anonymous) @ browser-ponyfill.js:518
fetch @ browser-ponyfill.js:455
request @ lib.js:143
getAndCache @ lib.js:219
fetchWellKnownJson @ smart.js:36
getSecurityExtensionsFromWellKnownJson @ smart.js:47
getSecurityExtensions @ smart.js:148
authorize @ smart.js:336
async function (async)
authorize @ smart.js:283
authorize @ BrowserAdapter.js:152
(anonymous) @ Launch.js:11
invokePassiveEffectCreate @ react-dom.development.js:23487
callCallback @ react-dom.development.js:3945
invokeGuardedCallbackDev @ react-dom.development.js:3994
invokeGuardedCallback @ react-dom.development.js:4056
flushPassiveEffectsImpl @ react-dom.development.js:23574
unstable_runWithPriority @ scheduler.development.js:646
runWithPriority$1 @ react-dom.development.js:11276
flushPassiveEffects @ react-dom.development.js:23447
(anonymous) @ react-dom.development.js:23324
workLoop @ scheduler.development.js:590
flushWork @ scheduler.development.js:545
performWorkUntilDeadline @ scheduler.development.js:157
smart.js:123 Uncaught (in promise) Error: Failed to fetch the conformance statement from "http://localhost/apis/default/fhir/metadata". HttpError: 500 Internal Server Error
URL: http://localhost/apis/default/fhir/metadata; Failed to fetch the well-known json "http://localhost/apis/default/fhir/.well-known/smart-configuration". 500 Internal Server Error
URL: http://localhost/apis/default/fhir/.well-known/smart-configuration
at onError (smart.js:123)
Uncaught DOMException: Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.
at SizeModaliFrame (http://localhost/library/dialog.js?v=62:803:118)
at http://localhost/library/dialog.js?v=62:583:29
Apache error log:
[Thu Mar 25 16:35:27.691620 2021] [ssl:warn] [pid 126] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 16:35:27.691632 2021] [ssl:warn] [pid 126] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.224.3. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 25 16:35:27.703221 2021] [ssl:warn] [pid 126] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 16:35:27.703230 2021] [ssl:warn] [pid 126] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
[Thu Mar 25 16:35:27.704730 2021] [mpm_prefork:notice] [pid 126] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1j configured -- resuming normal operations
[Thu Mar 25 16:35:27.704744 2021] [core:notice] [pid 126] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 25 17:03:28.712485 2021] [php7:error] [pid 128] [client 192.168.224.1:53488] PHP Fatal error: Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:03:28.713269 2021] [php7:error] [pid 131] [client 192.168.224.1:53486] PHP Fatal error: Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:24:39.382913 2021] [ssl:warn] [pid 16] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 17:24:39.382926 2021] [ssl:warn] [pid 16] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.224.3. Set the 'ServerName' directive globally to suppress this message
[Thu Mar 25 17:24:39.395312 2021] [ssl:warn] [pid 16] AH01906: 192.168.224.3:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Mar 25 17:24:39.395324 2021] [ssl:warn] [pid 16] AH01909: 192.168.224.3:443:0 server certificate does NOT include an ID which matches the server name
[Thu Mar 25 17:24:39.395414 2021] [core:warn] [pid 16] AH00098: pid file /run/apache2/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Mar 25 17:24:39.396840 2021] [mpm_prefork:notice] [pid 16] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1j configured -- resuming normal operations
[Thu Mar 25 17:24:39.396860 2021] [core:notice] [pid 16] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Mar 25 17:27:57.853651 2021] [php7:error] [pid 24] [client 192.168.224.1:53974] PHP Fatal error: Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:27:57.854716 2021] [php7:error] [pid 25] [client 192.168.224.1:53978] PHP Fatal error: Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:33:48.380008 2021] [php7:error] [pid 18] [client 192.168.224.1:54098] PHP Fatal error: Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
[Thu Mar 25 17:33:48.380008 2021] [php7:error] [pid 20] [client 192.168.224.1:54100] PHP Fatal error: Uncaught Error: Class 'HttpRestRequest' not found in /var/www/localhost/htdocs/openemr/apis/dispatch.php:29\nStack trace:\n#0 {main}\n thrown in /var/www/localhost/htdocs/openemr/apis/dispatch.php on line 29, referer: http://localhost:3000/
The browser says one thing and apache says another and I’m all like
Thanks.