Skip to main content
Version: 2.5

Requirements

Enable CORS on Finesse Server for Salesforce hosted deployments (Finesse 11.6(1) ES4 or newer)

CORS is disabled by default in Finesse from version 12.0. Please enable it in order to load the Gadget correctly on a Salesforce hosted deployment. This operation is not needed for Finesse hosted deployments.

To enable CORS on Finesse servers use the following procedure:

  1. Check the section Compose Domains for CORS and CSP Configuration for instructions on how to Compose the Gadget URL which applies to your environment

  2. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to Finesse CLI (Command Line Interface)

  3. Execute the following commands on the Finesse CLI to add the Gadget URL to the whitelist and enable CORS (CCE and CCX):

    utils finesse cors allowed_origin add <Gadget URL>
    utils finesse cors enable

  4. Execute the following commands on the Finesse CLI to restart Finesse Tomcat and the Finesse Notification Service:

    CCE

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Finesse Notification Service

    CCX

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Unified CCX Notification Service

  5. Repeat steps 2 to 4 on every Finesse server

info

In order to disable CORS, execute utils finesse cors disable and restart the services.

Enable Content Security Policy on Finesse Server (Finesse 11.6(1) ES10 or newer, Finesse 12.0(1) ES4 or newer, Finesse 12.5(1) ES3 (CCE) ES2 (CCX) or newer)

Content Security Policy (CSP) is a standardized set of security directives that can inform the browser of the policies to be used to help mitigate various forms of attacks. The CSP frame-ancestor policy defines the allowable locations from where the Finesse desktop can be accessed as embedded HTML content, which can help prevent click-jacking attacks.

Finesse 12.0(1) ES4 or newer, Finesse 12.5(1) ES3 (CCE) ES2 (CCX)

To enable Frame Access on Finesse server use the following procedure:

  1. Check the section Compose Domains for CORS and CSP Configuration for instructions on how to Compose the Lightning, Classic and Gadget URLs which apply to your environment

  2. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to Finesse CLI (Command Line Interface)

  3. Execute the following commands on the Finesse CLI to add the URLs to the whitelist (CCE and CCX):

    utils finesse frame_access_whitelist add <Lightning URL>
    utils finesse frame_access_whitelist add <Gadget URL>

  4. Execute the following commands on the Finesse CLI to restart Finesse Tomcat and the Finesse Notification Service:

    CCE

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Finesse Notification Service

    CCX

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Unified CCX Notification Service

  5. Repeat steps 2 to 4 on every Finesse server

Finesse 12.5(1) ES4 or newer

To enable Frame Access on Finesse server use the following procedure:

  1. Check the section Compose Domains for CORS and CSP Configuration for instructions on how to Compose the Lightning, Classic and Gadget URLs which apply to your environment

  2. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)

  3. Execute the following commands on the Finesse CLI to add the URLs to the whitelist (CCE and CCX):

    utils finesse frame_access_allowed_list add <Lightning URL>
    utils finesse frame_access_allowed_list add <Gadget URL>

  4. Execute the following commands on the Finesse CLI to restart Finesse Tomcat and the Finesse Notification Service:

    CCE

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Finesse Notification Service

    CCX

    utils service restart Cisco Finesse Tomcat
    utils service restart Cisco Unified CCX Notification Service

  5. Repeat steps 2 to 4 on every Finesse server

Finesse 11.6(1) ES10 or newer

To allow Finesse resources to be loaded inside any Iframe you need to use following procedure:

  1. Open an SSH session to the Finesse server with an SSH client (e.g. PuTTY) and log on to the Finesse CLI (Command Line Interface)

  2. Execute the following command on the CLI:

    utils finesse xframe enable_all
    utils service restart Cisco Finesse Tomcat

  3. Repeat steps 1 and 2 on every Finesse server

Whitelist Gadget URL on Reverse Proxy for VPN-less Finesse

Compose Gadget URL

  1. Check chapter Compose Domains for CORS and CSP Configuration and compose the Gadget URL according to your deployment.
  2. Remove "https://" prefix and ":*" suffix
  3. Store modified URL for later use

Add Gadget URL to reverse proxy

Add the retrieved URL from previous step to the list of whitelisted domains.
For details about reverse proxy configuration/installation, please refer to Cisco's official documentation:

Compose Domains for CORS and CSP Configuration

CORS and CSP directives are bound to specific domains configured on the Finesse CLI. The domains required to be whitelisted for the b+s Connects for Salesforce package highly depend on your My Domain settings inside your Salesforce org.

There are always three different domains which need to be whitelisted:

  • Domain for Salesforce Lightning top frame URL
  • Domain for Salesforce Classic Console top frame URL
  • Domain for the softphone frame URL

The properties of the Salesforce org which affect the domains are:

  • My Domain name of the org
  • Whether or not the org is a sandbox
  • Whether or not Enhanced Domains are enabled
  • If Enhanced Domains are disabled, whether or not URL Stabilization for Visualforce pages are enabled

You can get the My Domain Name name of your Salesforce org by going to Setup | Company Settings | My Domain.

Here you can find out how to compose these domains for your environment:

For Non Sandbox Orgs

Enhanced Domain Enabled

TypeURL
Lightning URL:https://<my-domain>.lightning.force.com:*
Gadget URL:https://<my-domain>--cnxscv.vf.force.com:*

Enhanced Domain Disabled and URL Stabilization enabled

TypeURL
Lightning URL:https://<my-domain>.lightning.force.com:*
Gadget URL:https://<my-domain>--cnxscv.visualforce.com:*

Enhanced Domain Disabled and URL Stabilization disabled

TypeURL
Lightning URL:https://<my-domain>.lightning.force.com:*
Gadget URL:https://<my-domain>--cnxscv.<instance>.visual.force.com:*

For Sandbox Orgs

Enhanced Domain Enabled

TypeURL
Lightning URL:https://<my-domain>--<sandbox-name>.sandbox.lightning.force.com:*
Gadget URL:https://<my-domain>--<sandbox-name>--cnxscv.sandbox.vf.force.com:*

Enhanced Domain Disabled and URL Stabilization enabled

TypeURL
Lightning URL:https://<my-domain>--<sandbox-name>.lightning.force.com:*
Gadget URL:https://<my-domain>--<sandbox-name>--cnxscv.visualforce.com:*

Enhanced Domain Disabled and URL Stabilization disabled

TypeURL
Lightning URL:https://<my-domain>--<sandbox-name>.lightning.force.com:*
Gadget URL:https://<my-domain>--<sandbox-name>--cnxscv.<instance>.visual.force.com:*

Additional PV/ECC

In order to link transferred calls within Salesforce, an additional call variable is needed. A reference to the original voice call will be saved in it. It is passed to the second agent so that they can link their voice call to the original one. See configuration here.

Last updated on