Skip to main content

I created an app to prove the Docusign JS embedded signing with Focused View.  I am using C# at the server and JS/jQuery at the client.  I followed all of the steps in the article “How to request a signature using focused view” (https://developers.docusign.com/docs/esign-rest-api/how-to/request-signature-focused-view).

Everything on the server side is fine, but when the JS code runs to load the document for signing, I get the following permission errors:

Refused to frame 'https://apps-d.docusign.com/' because it violates the following Content Security Policy directive: "default-src 'self' https://js-d.docusign.com/". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

 

Refused to connect to 'http://localhost:49618/05e7fec…/browserLinkSignalR/…ationData.browserId&browserId=b7e3-320d&clientProtocol=1.3&_=1728595245739' because it violates the following Content Security Policy directive: "default-src 'self 'https://js-d.docusign.com/". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

 

browserLink:21 Refused to connect to 'http://localhost:49618/05e7fec…/browserLinkSignalR/…ationData.browserId&browserId=67df-3483&clientProtocol=1.3&_=1728595245767' because it violates the following Content Security Policy directive: "default-src 'self'https://js-d.docusign.com/". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to connect to 'wss://localhost:44335/DocusignJS/' because it violates the following Content Security Policy directive: "default-src 'self' https://js-d.docusign.com/". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.


Note that my local app is running at https://localhost:7176/

My Content-Security-Policy header is as follows:

    <meta http-equiv="Content-Security-Policy" content="default-src 'self' https://js-d.docusign.com/;">
 

I am assuming that there is some other header I need to correct this, but haven’t found any information about what that should be.

Hello, did you try to get the C# quickstart from https://developers.docusign.com/docs/esign-rest-api/quickstart/ and try the Focused View example from the launcher? Can you try that one and let me know if that worked for you?


Yes. I did try that, however, these examples are not using focused view or any JS functions from https://js-d.docusign.com/bundle.js.  My implementation uses the JS functions.   


We do have an example in the quickstart that uses Focused View. If you install the right-most (everything) package and search for “Focused View” you’ll find it. 
Let me know if you cannot find it. 


Thanks.

I did find the focused view in the everything package, but the problem with this sample code is that it requires me to sign in to docusign to make it work.  My use case is for a seamless signing for our customers to sign a purchase agreement through our account.  This should not require a signed in DS user.

How can I modify the quick start code such that it is using our DS account, and not requiring a signed in DS user to proceed?


I have the same problem. this is what I get.

Refused to frame 'https://js-d.docusign.com/' because it violates the following Content Security Policy directive: "frame-src 'self' https://docucdn-a.akamaihd.net/ https://apps.docusign.com https://eu.docusign.net https://na3.docusign.net https://na2.docusign.net https://www.docusign.net https://na4.docusign.net https://ca.docusign.net https://au.docusign.net https://account.docusign.com https://au.account.docusign.com https://ca.account.docusign.com https://eu.account.docusign.com https://na.account.docusign.com https://esign.jpmorgan.com https://esign.chase.com https://esign-uat.jpmorgan.com https://esign-uat.chase.com https://verify-d.docusign.net https://verify.docusign.net".

Did you ever find an answer? My C# quickstart launcher works fine but I don’t know what’s in its code to make it work that’s not in my project? I’m trying to make a blazor app. I tried adding this in my program.cs file:

 

app.Use(async (context, next) =>
{
    // Update the Content-Security-Policy header to include all necessary domains
    context.Response.Headersp"Content-Security-Policy"] = "default-src 'self'; " + // Allow everything from the same origin
        "script-src 'self' https://js.docusign.com https://js-d.docusign.com https://www.docusign.net https://www.docusign.com; " + // Allow scripts from DocuSign
        "frame-src 'self' https://js-d.docusign.com https://docucdn-a.akamaihd.net https://apps.docusign.com https://eu.docusign.net https://na3.docusign.net https://na2.docusign.net https://www.docusign.net https://na4.docusign.net https://ca.docusign.net https://au.docusign.net https://account.docusign.com https://au.account.docusign.com https://ca.account.docusign.com https://eu.account.docusign.com https://na.account.docusign.com https://esign.jpmorgan.com https://esign.chase.com https://esign-uat.jpmorgan.com https://esign-uat.chase.com https://verify-d.docusign.net https://verify.docusign.net; " + // Allow frames from DocuSign domains
        "style-src 'self' 'unsafe-inline'; " + // Allow inline styles
        "img-src 'self' https://www.docusign.com data:; " + // Allow images from DocuSign and data URIs
        "connect-src 'self' https://www.docusign.net ws://localhost:* wss://localhost:* http://localhost:59296/ wss://localhost:59296/ http://localhost:52400/ wss://localhost:52400/ http://localhost:53328/;";  // Allow connections to DocuSign APIs, local development, and WebSocket connections

    // Continue the request processing
    await next();
});

but that didn’t work, tried using 

 signing.on('sessionEnd', (event) => {
     console.log('sessionend', event);
     window.top.location.href = 'https://localhost:7032/'; // redirect to the return URL after session ends
 });

but that didn’t work either. 


Reply