Skip to main content

I am using the Docusign SDK in a .Net web application.  I am creating an envelope and then sending the client a URL.  With this URL it opens a page that uses the envelopeid to generate the signing URL and then using Docusign JS to display within the page.   Everything is working except for the returnURL.  Once signing is completed it just displays a blank page.  The browser is returning this error in the console.

Refused to frame 'https://localhost:44377/' because it violates the following Content Security Policy directive: "frame-src 'self' https://docucdn-a.akamaihd.net/ https://apps-d.docusign.com https://demo.docusign.net https://account-d.docusign.com https://proof-d.docusign.net https://identity-d.docusign.net https://content.googleapis.com https://docs.google.com https://players.brightcove.net https://www.youtube.com https://accounts.google.com https://docusign.sjv.io https://docusign.co1.qualtrics.com/ https://apps.usw2.pure.cloud".

I am assigning the FrameAncestors and Message Origins.  Not sure what I am missing here. 

Ancestors.Add("https://localhost:44377")
 Ancestors.Add("https://apps-d.docusign.com")
Origins.Add("https://apps-d.docusign.com")

Team

 

I'm Sai with DocuSign Developer Support. Could you please:

Enable API logging and re-produce your use case, then attach to the case.
Record a HAR file of the error, export and attach to the case (Here is how to do this: https://help.okta.com/oag/en-us/content/topics/access-gateway/troubleshooting-with-har.htm)
Export the console logs of the error and attach to the case (Here is how to do this: https://support.shortpoint.com/support/solutions/articles/1000222881-save-browser-console-file)
Here are the instructions for API logging: 

The API Request Logs show the exact API request received by DocuSign which will provide more clues on what's happening. API Request logs are user dependent and when making calls using the DocuSign API via your app, the activity would be logged to the DocuSign user making the API calls. 

To get the API Request Logs, login to the DocuSign user that makes the API calls to create the envelopes:
1) You would click your Profile image, and select My Preferences in the dropdown menu. 
2) Clear logs if there are any.
3) Make sure logging is enabled.
4) Click Save. 
5) Run your process via your application to send the DocuSign envelope. 
6) Once that completes, refresh the General Settings page in DocuSign and click Download. 
7) You can then send over the zip folder for us to review (there should be a file in that zip folder with a name that includes something like "Created_CreateEnvelope" if the call completes successfully or “BadRequest” if you got an error.


This article includes visual steps for capturing API Request Logging: https://support.docusign.com/en/guides/ndse-user-guide-api-request-logging

 

Please open a support case with DS with all the details above as there is an existing investigation going on this issue.

 

"Select as Best" below if you find the answer a valid solution to your issue and mark it as resolved.

--
Thanks & Regards

Sai HariPriya Dandamudi | Developer Support Engineer | DocuSign

 


Any update here?


Same problem with Node SDK, everything works fine, but on redirect the iframe throw the error

Refused to frame 'https://myapp.url/' because it violates the following Content Security Policy directive: "frame-src 'self' https://docucdn-a.akamaihd.net/ https://apps-d.docusign.com https://demo.docusign.net https://account-d.docusign.com https://proof-d.docusign.net https://identity-d.docusign.net https://azure-demo.docusign.com https://content.googleapis.com https://docs.google.com https://players.brightcove.net https://www.youtube.com https://accounts.google.com https://docusign.sjv.io https://apps.usw2.pure.cloud https://docusign.co1.qualtrics.com/ https://sawmill-stage.docusigntest.com https://docusign.okta.com https://demo.forms.docusign.com".

RecipientViewRequest definitions:

viewRequest.frameAncestors = ['https://myapp.url', 'https://apps-d.docusign.com']
viewRequest.messageOrigins = ['https://apps-d.docusign.com']

Was there a solution to the problem that you can share?

 

Thanks in advance.

 


By design, the focused view allows the customer to do whatever they need to do on the page by using the event handlers. That is, even though you get the CSP error, you can redirect the page by adding the line "window.top.location.href" under "sessionEnd" event handler like the below:

signing.on('sessionEnd', (event) => {
 console.log('sessionend', event);
 window.top.location.href = event.returnUrl; // redirect to the return Url
 });

The CSP error is caused as your redirect URL is not registered in the CSP rule. But it doesn't matter to redirect your page to the target page with the code above. 


Yes I am using the 'sessionEnd' event but I am not redirecting to another page, everything is done within the same page.

Actually in 'sessionEnd' I hide the element where the document is rendered, but if the document is rejected it is redirected inside the ds generated iframe and the error is fired, it does not affect the user but the error is registered in console.


Byungjae.Chung  solutions solved my problem, it bypasses the error and redirects the page.Thanks!


Reply