Dear Community,
currently, I am facing a Problem.
My project setting is the following. I am using Camunda as a shared engine on Tomcat. I am developing embedded forms in the Camunda Tasklist. Those embedded forms are react/JSX forms that are transpiled to javascript by using the maven frontend plugin. In those react forms I am using the component react-to-print.
Until Camunda 7.17 this works. Starting from Camunda 7.18 it stops working with the error:
Ignored call to 'print()'. The document is sandboxed, and the 'allow-modals' keyword is not set.
I am not using an iframe. I guess the Camunda Tasklist uses an iframe for loading the embedded forms. However, something has changed from 7.17 to 7.18. As the underlying Tomcat is the same, Tomcat cannot be blamed. Consequently, it has something to do with Camunda.
In the docs I found that one can specify the security headers:
So, I tried:
<filter>
<filter-name>HttpHeaderSecurity</filter-name>
<filter-class>
org.camunda.bpm.webapp.impl.security.filter.headersec.HttpHeaderSecurityFilter
</filter-class>
<init-param>
<param-name>contentSecurityPolicyValue</param-name>
<param-value>
sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-downloads allow-modals
</param-value>
</init-param>
</filter>
However, putting this into my web.xml the deployment fails with no speaking exception.
03-May-2023 14:36:05.760 INFORMATION [Finalizer] org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading Illegal access: this web application instance has been stopped already. Could not load [org.apache.http.impl.conn.PoolingHttpClientConnectionManager$2]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
java.lang.IllegalStateException: Illegal access: this web application instance has been stopped already. Could not load [org.apache.http.impl.conn.PoolingHttpClientConnectionManager$2]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access.
at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForResourceLoading(WebappClassLoaderBase.java:1432)
at org.apache.catalina.loader.WebappClassLoaderBase.checkStateForClassLoading(WebappClassLoaderBase.java:1420)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1259)
at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1220)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.shutdown(PoolingHttpClientConnectionManager.java:413)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.finalize(PoolingHttpClientConnectionManager.java:207)
at java.base/java.lang.System$2.invokeFinalize(System.java:2361)
at java.base/java.lang.ref.Finalizer.runFinalizer(Finalizer.java:96)
at java.base/java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:174)
Any help is appreciated.