ah, ok, yeah that part was too magic for me (to believe that it could write the file locally), I get now what the script is doing, very nice…I’ll give it a try
Also note, we’re just one security header away from that not working. So, have a plan B if you’re in Epicor SaaS.
1 Like
Hmmm, with the @Mark_Wonsil security concerns…is there anyway I can tell the browser to do the download from within my function ? (I doubt it, my function is in .Net land, and the browser is in JS land).
I’m no security guy Mark, but are you saying this is a concern if I am worried about the privacy of my download content, or is it that this ability will soon go away because of security standards, and/or using this approach opens oneself up to bigger privacy/hacking concerns ?
^ that is the issue Epicor … CC:@bconner is taking away our toys (with good reason) but hopefully there will be some sort of alternative to achieve similar.
3 Likes
This is one of those reasons I was referring to @Olga .
Of course, I’m hoping that will become built in, and I won’t have
to cobble something together.
Like Jose said, this is the main concern. Let’s say Epicor gets an AppSec auditor in, and one of the (likely) recommendations is to have a Content Security Policy. This is quick and easy to implement and would immediately render this solution D.O.A.
This might be one of the XY Problems that @timshuwy mentions. Instead of going back to the business purpose (notification in this case), our problem becomes “How can I implement the old solution in the new context?” instead of looking at the need with fresh eyes.
1 Like
Great points Mark, super interesting considerations and insights.
Does this ‘hack” require building the layer on the report slider (eg. UIRpt.xxxx) then corresponding menu item updated to us the layer?
Yup.
Just tried building this quickly for SOA. Maybe I’m doing something wrong but simply assigning the layer here didn’t do anything.
Do I need to call the custom layer at the event side instead?
Yes–whatever event launches the report, you will need to call out the custom layer. A lot of times, this requires you to disable/hide/remove the old print button and add your own which links to your own OnClick event.
Finding the same issue. BAQ returns the previous report because it executes before the report finishes. Adding a delay is good but maybe not perfect.
Aside from JS security risks this is a lot of work to do for all reports frequently used. Will wait for 2023.1 to see what Epicor has to offer. This was a great exercise and learning. Thanks all
Sorry to be a buzzkill but I can answer any question about this right now - You will not be able to do this kind of js twiddling long term and you should not rely on it because we will for sure for security and application stability reasons be sandboxing any kind of code evaluation.
The reason you have it now is not because we need an appsec auditor to tell us about basic owasp recommendations like CSP (though we do of course have that) it’s that we’ll be adding an execution sandbox and factoring out anything that’s allowing execution without breaking basic things you do need to do in expressions. So have your fun while it lasts but we do not recommend doing anything in an expression besides evaluating a boolean expression with the data that we hand you access to from the dataviews or it is almost certainly going to be blocked by our sandbox later. Expect that your expressions will run in a different browser context entirely actually.
1 Like
Also by the way automatic opening (downloading and whatever you tell your browser to do with pdf automatically) of print previews and data exports is delivered in 2023.1 so it’s already in controlled release with this feature and those of you in SaaS are about to have it in pilot. There’s no need to hack this behavior in after that point.
4 Likes
What about files other than pdf’s ?
In my case I need to construct a draft .eml file that the user can download and preview/edit before sending
Any update on this ?
(Will there be general file support or just pdf’s ?)
my reply above, we want to generate a (draft) email that can then be downloaded and opened locally, similar to how you would handle a pdf
The feature where we initiate the download automatically is part is for report previews and data exports specifically so it’s going to operate on any file type those produce (offhand i don’t know if you can get a report to return a draft .eml) and then the browser will do whatever you’ve told it to do with that filetype. We have not made any code for specific filetypes here it’s just - when it’s done start downloading whatever the service produces.
With respect to getting any filetype to open in a viewing application automatically you can do that by download a file of the type once and then each browser has some settings you can activate (usually right click) on the file it’s download like here is chrome’s which will remember what you tell it for the filetype. Works on anything.
3 Likes
Yes, I am aware of how the browser file download/open works,
This sounds overly restrictive (reports and queries), we have a working feature that we can no longer use in Kinetic now. I can’t imagine have a report that can make an email draft in the right format
But even this solution has its drawbacks. While it’s worked since Outlook '97, will it work for people in Outlook Web? Or Mobile? This solution restricts people to a desk. The current solution also has the potential of an .msg file being created and never sent as well as the possibility of being sent twice.
Yes, I understand that we all have limited time and reworking a “working” solution seems pointless. But sometimes it is beneficial to look at a problem with fresh eyes. We might find it’s worth upgrading our old solutions to meet the current and future needs of our coworkers. Just a thought. 
4 Likes
Can you confirm this feature is in the current release?