get 403 (Forbidden) after call getSessionId() about botframework-directlinejs HOT 7 CLOSED

has any update?

from botframework-directlinejs.

@mkovel I just worked through this issue with the webchat library! How are you initializing the conversation? To solve this I needed to obtain the conversation token by posting the trusted origins:

POST https://directline.botframework.com/v3/directline/tokens/generate

with your master secret as a bearer token and a body of:

{
TrustedOrigins: ["https://URLHOSTINGCLIENTSIDECODE"]
}

Here was my original issue for reference: microsoft/botframework-sdk#4745

from botframework-directlinejs.

Hi, @ukphillips

1. I've received token throug:

POST https://directline.botframework.com/v3/directline/tokens/generate 
Authorization: Bearer ___MY_DIRECTLINE_SECRET___

2. And then are creating new DL with received token

new DirectLine({ token: __RECIEVED_TOKEN__,  webSocket: true});

Did I answer your question?

from botframework-directlinejs.

@ukphillips O... I think finaly I understood what you mean. )))
OK i will try your solution tomorrow and give you feedback.
thanks

from botframework-directlinejs.

@mkovel sounds like you know what I meant, but just make sure you include the JSON body with the TrustedOrigins property when generating the token. Let me know how it goes!

from botframework-directlinejs.

Looks like @ukphillips resolved the issue.

One side note, the TrustedOrigins is being moved inside Direct Line channel settings page. You can find more information in this blog post.

from botframework-directlinejs.

@compulim Is there a way to specify a wildcard as the trusted origin to allow all domains? Configuring it in directline doesn't allow for a * as a domain. We allow for our client to embed on pages of their choice, so it would be difficult to maintain the list of trusted origins.

from botframework-directlinejs.