In October 2024, we announced that the security requirements for integrating DocuWare Cloud elements into external web applications had been strengthened. The changes apply to things like online forms or results lists embedded as an iFrame. The deadline has been extended by a month, but nonetheless we urgently recommend that you take action now: By September 30, 2025 at the latest, all affected web applications belonging to your DocuWare Cloud clients’ need to be registered in the configuration module “Central Gateway Settings” so that they can load DocuWare Cloud elements going forward.
DocuWare is tightening up its CORS policy (Cross-Origin Resource Sharing)—the security guidelines for loading web applications in third-party domains—for DocuWare Cloud clients. As of October 10th, 2025, DocuWare Cloud elements will only be able to load on websites or other web applications if these have been registered in the central gateway.
Who is affected?
All customers who integrate elements of DocuWare Cloud into web applications. Examples include:
- A DocuWare form that is embedded in a website via iFrame.
- A list of results that is embedded in a website as an iFrame via URL integration link.
Your action item
Affected customers must enter the addresses of the corresponding websites in the new configuration module “Central Gateway Settings” by September 30, 2025, at the latest, so that integrations will work as usual. This module is located within the DocuWare configuration in the General area.
Enter the domains into which DocuWare Cloud elements are to be loaded.
What will happen after October 1, 2025?
DocuWare Cloud elements will no longer load in non-registered domains, so they will not be visible.
For more information, see this Knowledge Base Article.
Read the original announcement from October 2024.
