Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Remote Application Platform (RAP) » [Browser] cross-domain-scripting is not handled(SecurityRestriction)
[Browser] cross-domain-scripting is not handled [message #727856] Thu, 22 September 2011 05:22 Go to next message
Yury Mising name is currently offline Yury Mising nameFriend
Messages: 95
Registered: May 2010
Location: Russia
Member
Hello.

Can anybody describe the reason of the bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=330361 ?
Why we should look the ability to call JS code if the loaded page is from another domain? Sometimes this Browser._checkIframeAccess() throws Error in our client-appache-server configuration. The error is disappear if we comment this checking and we wonder is the error in the Browser component or in our appache configuration.

Best regards,
Yury.
Re: [Browser] cross-domain-scripting is not handled [message #727915 is a reply to message #727856] Thu, 22 September 2011 07:48 Go to previous messageGo to next message
Ivan Furnadjiev is currently offline Ivan FurnadjievFriend
Messages: 2429
Registered: July 2009
Location: Sofia, Bulgaria
Senior Member
Hi Yury,
could you please do some more investigation in your environment, which
code (if branch) exactly throw the error? Some url examples (url of the
application, url of the page in the browser) that trigger the error will
help too. If you look at Browser#_srcInLocalDomain, probably localDomain
is different than srcDomain when the error is thrown.
Best,
Ivan

On 9/22/2011 8:22 AM, Yury wrote:
> Hello.
>
> Can anybody describe the reason of the bug:
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=330361 ?
> Why we should look the ability to call JS code if the loaded page is
> from another domain? Sometimes this Browser._checkIframeAccess()
> throws Error in our client-appache-server configuration. The error is
> disappear if we comment this checking and we wonder is the error in
> the Browser component or in our appache configuration.
>
> Best regards,
> Yury.
Re: [Browser] cross-domain-scripting is not handled [message #727944 is a reply to message #727915] Thu, 22 September 2011 09:22 Go to previous messageGo to next message
Yury Mising name is currently offline Yury Mising nameFriend
Messages: 95
Registered: May 2010
Location: Russia
Member
Hi, Ivan.

Here is Browser.js code:
    _throwSecurityException : function( domainUnkown ) {
      var statics = org.eclipse.swt.browser.Browser;
      var localDomain = statics.getDomain( document.URL );
      var srcDomain = domainUnkown ? null : statics.getDomain( this.getSource() );
      var msg = "SecurityRestriction:\nBrowser-Widget can not access " 
      msg +=   srcDomain !== null 
             ? "\"" + srcDomain + "\"" 
             : "unkown domain"; 
      msg += " from \"" + localDomain + "\".";
      throw new Error( msg );      
    },

and we got here srcDomain ="localhost:80" and localDomain="localhost".
We are using RAP 1.4 from its release branch.
_checkIframeAccess() is called from Browser.execute() method and throws Error.

Best regards,
Yury.
Re: [Browser] cross-domain-scripting is not handled [message #727991 is a reply to message #727944] Thu, 22 September 2011 10:34 Go to previous messageGo to next message
Ivan Furnadjiev is currently offline Ivan FurnadjievFriend
Messages: 2429
Registered: July 2009
Location: Sofia, Bulgaria
Senior Member
Hi Yury,
would you mind to open a bugzilla about this issue? We have to treat
"localhost:80" and "localhost" as same domain if scheme is http ( same
for "localhost:443" and "localhost" if scheme is https). As a
workaround, could you try to understand from where the port 80 comes in
the url and remove it.
Best,
Ivan

On 9/22/2011 12:22 PM, Yury wrote:
> Hi, Ivan.
>
> Here is Browser.js code:
>
> _throwSecurityException : function( domainUnkown ) {
> var statics = org.eclipse.swt.browser.Browser;
> var localDomain = statics.getDomain( document.URL );
> var srcDomain = domainUnkown ? null : statics.getDomain(
> this.getSource() );
> var msg = "SecurityRestriction:\nBrowser-Widget can not access "
> msg += srcDomain !== null ? "\"" + srcDomain + "\""
> : "unkown domain"; msg += " from \"" + localDomain +
> "\".";
> throw new Error( msg ); },
>
> and we got here srcDomain ="localhost:80" and localDomain="localhost".
> We are using RAP 1.4 from its release branch.
> _checkIframeAccess() is called from Browser.execute() method and
> throws Error.
>
> Best regards,
> Yury.
Re: [Browser] cross-domain-scripting is not handled [message #728004 is a reply to message #727991] Thu, 22 September 2011 11:20 Go to previous message
Yury Mising name is currently offline Yury Mising nameFriend
Messages: 95
Registered: May 2010
Location: Russia
Member
Hi, Ivan.

I will try to investigate the cause of 80 port in the url and probably I will can to create a snippet or describe the problem clearly after that to open a bugzilla. Don't sure that it is a RAP problem and don't have enough time to investigate the problem now. Will look at this later. Anyway, thank you for help!

Best regards,
Yury.
Previous Topic:ScrollBar Widget LCA
Next Topic:Eclispe E4 and RAP
Goto Forum:
  


Current Time: Mon Jan 13 16:31:51 GMT 2025

Powered by FUDForum. Page generated in 0.03177 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top