The goal is to use a self-hosted app within MindSphere.
The app itself is for now just the plain standard demo-app from Mendix that you can create immediatelly when you set up an account there. So the app currently has no interaction with any MindSphere APIs at all.
In my case the app is located here within the Mendix-Cloud:
This runs fine and no critical errors show up within the Chrome Debugger.
Now I just want the very same thing to be available using the MindSphere Launchpad as a Selfhosted App. So in the first development step there should be no connectivity to any data stored in MindSphere.
Using Chrome's Debugger I was able to get rid all reported CSP-related errors when configuring the self-hosted-app in the developer cockpit - but the app still does not show up.
Looking at the Chrome Debugger's network tab, I can see that one of the post-request seems not to work (/xas/), see screenshot "failed-postrequest", but the response tab is empty in Chrome (probably because MindSphere redirects and shows a gateway error immediatelly afterwards which looses the debugger information - see screenshot "gatewayerror")
Anyway: using Firefox debugger I was able to get the response of the failed request:
MindSphere Gateway error: Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'.
I found a similar thread here in the community (Invalid-CSRF-Token-null-was-found-on-the-request) but as far as I understood this relates only to API authentication there - and as stated before: There are no API calls at all yet.
Do you have any suggestions to get this up and running? Or what else do I need do provide?
Thanks a lot
The '/login.html' issue might be due to the MindSphere Gateway hijacking all '/login*' endpoints, but I'm not sure. I know that you cannot use '/login/**' nor '/api/**' on your app, since it is used internally, but I don't know about individual file mappings.
The '/xas' might be in the same "hijacked" league.
What I would do to debug this is to try to expose the app through a custom path, such as '/myapp' and then put everything below it. Most http frameworks allow you to do such mapping with a single configuration variable. If that works, then you know it is something with the mapping conflicts.
@dlouzan: Thanks for the hint. I have currenty no way of exposing the app differently, because it is just basic Mendix representation (build via the Mendix Webmodeler). But still you might be correct
Also I just received the information, that if applications are running through the MindSphere Gateway and are using other http requests than GET (i. e. POST, PUT, PATCH, DELETE) those request have to implement the X-XSRF session token added to their request headers to prevent cross site request forgeries. This need for such a token also applies if those requests are not related to MindSphere data at all: since the calls are "rerouted" through the gateway, they all are checked for this token to ensure validity of the request.
A general approach to deal with this would be to create some kind of hook in the app, that encapsulates all request to add this token information.
In the end my issue may even relate to both (XRSF and "hijacking") ...
I don't think that anyone would disable authentication mechanisms for my case. I guess they are in place for some reason
Actually I only wanted to share why it currently doesn't work for now.
in order to get a standard demo-app from Mendix run as self-hosted app in MindSphere you have to use the additional App Store Module : MindSphereSingleSignOn from here:
and configure it according to the documentation found here:
you have to apply a few changes to the default index.html page of your app with an editor of your choice.
Details about that process could be found here:
There chapter 4 (MindSphere Theme pack) and 5 (Appendices)
you could import the "MindSphere Theme Pack" which contains all this changes already from here:
If you plan to develop Apps for MindSphere with Mendix there are some Starter Apps available in the Mendix AppStore. Just search for "MindSphere" in the Mendix App Store:
Starter App: https://appstore.home.mendix.com/link/app/109130/
Pump Asset Example: https://appstore.home.mendix.com/link/app/108810/
Asset Monitoring App: https://appstore.home.mendix.com/link/app/110127/