Chromium Cross Site Issue in Jasper Server

Posted on by By Satya Gopi, in Jaspersoft | 1

Prerequisites : Jasper Server 6.4.0 Enterprise

Make data easy with Helical Insight.
Helical Insight is the world’s best open source business intelligence tool.

Click Here to Free Download

In recent times we are seeing below issue in browser console when loading pages containing embedded content from Jasper Server “Blocked auto-focusing on a form control in a cross-origin sub-frame”

Chromium Cross

So to fix this issue Jasper has provided 3 options

  1. Hot fixes : Hot fixes was applicable for only few versions as per blog. Current version which we are using(6.4.0) is not among those versions.
  2. Don’t access JasperReports Server in a cross site way : Recommends usage of single domain.
  3. Update application servers to inject cookie flags : Last option of updating application servers i.e. adding the following: ‘SameSite=None’ and ‘Secure’ in jasper server. But for this the server need to HTTPS

Reference of the blog: Chromium 80 Update February 2020 Cross Site Cookie Blocking Jaspersoft

When I was trying to use the above 3 options it was not much helpful in fixing the issue,So I have taken the Hot fix of 6.4.4 version and understand the implementation that they done to fix the issue ,and implemented the same in 6.4.0 version and worked fine

Please follow below steps to over come the issue

Step 1: In applicationContext-security-web.xml file we need to add responseHeadersUpdater beans as follows

<bean id="delegatingPreAuthenticatedFilter"
        <property name="targetBeanName" value="proxyPreAuthenticatedProcessingFilter"/>
        <property name="defaultFilter">
            <bean class="com.jaspersoft.jasperserver.war.NullFilter"/>
        <property name="responseHeadersUpdater" ref="responseHeadersUpdater"/>

 <bean id="successHandler" class="" >
        <property name="defaultTargetUrl" value="/loginsuccess.html" />
        <property name="sessionRegistry" ref="sessionRegistry"/>
        <property name="jsonRedirectUrl" ref="authSuccessJsonRedirectUrl"/>
        <property name="responseHeadersUpdater" ref="responseHeadersUpdater"/>

 <bean id="restLoginAuthenticationFilter"
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        <property name="responseHeadersUpdater" ref="responseHeadersUpdater"/>

 <bean id="responseHeadersUpdater" class="">
        <property name="cookieHeaders">
            <util:map value-type="java.util.List">
                <entry key="Set-Cookie">
                    <util:list id="cookie-list">

After adding/updating above beans , we need to add there respective classes in Jasper server as below.

Step 2: Create a folder structure as <Jasper Dir>\WEB-INF\classes\com\jaspersoft\jasperserver\api\security\externalAuth and add the JSDelegatingFilterProxy.class file

Step 3: Create a folder structure as <Jasper Dir>\WEB-INF\classes\com\jaspersoft\jasperserver\api\security and add JrsAuthenticationSuccessHandler.class ,ResponseHeaderUpdater.class

Step 4: Create a folder structure as <Jasper Dir>\WEB-INF\classes\com\jaspersoft\jasperserver\rest and add RESTLoginAuthenticationFilter.class

Make data easy with Helical Insight.
Helical Insight is the world’s best open source business intelligence tool.

Get your 30 Days Trail Version

Step 5: Stop the server and delete the Temp and Work folder in Tomcat and start the server

Note: Please download and unzip class files in below attachment

Class Files
BI Developer
Helical IT Solutions Pvt Ltd


Best Open Source Business Intelligence Software Helical Insight Here


A Business Intelligence Framework


Best Open Source Business Intelligence Software Helical Insight is Here


A Business Intelligence Framework

5 1 vote
Article Rating
Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments

Thanks a ton, Satya!

We had this issue and could not have solved it without the solution you have provided above!