/orbeon
. (With Java web apps, that first part of the path is referred to as the "context", and you can deploy Orbeon Forms on a context other than /orbeon
, say /forms
. However, in what follows, we'll just assume you've kept /orbeon
.)JSESSIONID
cookieJSESSIONID
cookie is properly forwarded. You can for instance check this with the Chrome Dev Tools using the Network tab. Make sure that:/orbeon
, the response sets JSESSIONID
cookie.JSESSIONID
cookie set earlier is sent by the browser, and the server doesn't in turn set another JSESSIONID
in the response. (I.e. the value of the JSESSIONID
cookie sent by the browser to the server shouldn't change for the duration of the session.)/orbeon
. If you don't require users to be authenticated to access that path, they might be able to bypass the authentication you've put in place for your app, say under /app
, and instead access directly Orbeon Forms making requests to paths under /orbeon
.<head>
:embedForm()
API"/orbeon"
"human-resources"
"job-application"
"new"
"new"
, "edit"
, or "view"
new
, the document to be loaded"job=clerk"
documentId
parameter is mandatory for modes other than new
, and must be undefined
when the mode is new
. For new
, if you don't need to pass ny of parameters after documentId
, you can just omit the documentId
and all subsequent parameters in your call to ORBEON.fr.API.embedForm()
; otherwise, you must explicitly pass undefined
as the value of documentId
.headers
parameter is supported [SINCE Orbeon Forms 2021.1.1]. You can also access the value of such headers in the form you're embedding with the function xxf:get-request-header()
.destroyForm()
APIORBEON.fr.API.embedForm()
a second time for form B, and don't need to explicitly first call destroyForm()
.