There was a problem loading the comments.

Office Online Server editing doesn't work when Cloudflare DNS/WAF is used

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Original Question

or Issue:

Office Online Server editing doesn't work when Cloudflare DNS/WAF is used

Environment:

  • Product - Any
  • Version - Any
  • Platform - Any
Steps to Reproduce:

 

Route the traffic to on-prem Office Online server via Cloudflare.

Error or Log Message: Trying to edit files using Office Online will show an error. The browser developer console will show an error Header set X-Frame-Options is set to 'SAMEORIGIN' and Office Online URL is not allowed to load.

Defect or

Enhancement Number:

 
Cause:  

Resolution or

Workaround:

Checked Cloudflare for specific "Response Header Transform Rules" or "Managed Transforms" have "Add security headers" enabled. This needs to be overridden with some custom content security rules to allow cross scripting with FileCloud URL in your Cloudflare, based on your organizations Cloudflare policies.

This may not be caused by an issue at the FileCloud .htaccess file. If the browser console shows errors related to default-src or SAMEORIGIN, please make sure the Office Online server URL is added to default-src and frame-ancestors in the .htaccess file.

Example: 

Header set Content-Security-Policy: "default-src 'self' oos.filecloudlabs.com ........ \
    connect-src ............... \
    style-src ................. \
    script-src .................. \
    font-src ..................... \
    img-src ....................... \
    frame-ancestors 'self' oos.filecloudlabs.com ............ \
    worker-src ................."



 

Notes:   

Share via

Related Articles


Self-Hosted Help Desk Software by SupportPal
© FileCloud