|
| Re: [Browser] cross-domain-scripting is not handled [message #727915 is a reply to message #727856] |
Thu, 22 September 2011 07:48   |
Eclipse User |
|
|
|
Hi Yury,
could you please do some more investigation in your environment, which
code (if branch) exactly throw the error? Some url examples (url of the
application, url of the page in the browser) that trigger the error will
help too. If you look at Browser#_srcInLocalDomain, probably localDomain
is different than srcDomain when the error is thrown.
Best,
Ivan
On 9/22/2011 8:22 AM, Yury wrote:
> Hello.
>
> Can anybody describe the reason of the bug:
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=330361 ?
> Why we should look the ability to call JS code if the loaded page is
> from another domain? Sometimes this Browser._checkIframeAccess()
> throws Error in our client-appache-server configuration. The error is
> disappear if we comment this checking and we wonder is the error in
> the Browser component or in our appache configuration.
>
> Best regards,
> Yury.
|
|
|
| Re: [Browser] cross-domain-scripting is not handled [message #727944 is a reply to message #727915] |
Thu, 22 September 2011 09:22 |
| Eclipse User |
|
|
|
Hi, Ivan.
Here is Browser.js code:
_throwSecurityException : function( domainUnkown ) {
var statics = org.eclipse.swt.browser.Browser;
var localDomain = statics.getDomain( document.URL );
var srcDomain = domainUnkown ? null : statics.getDomain( this.getSource() );
var msg = "SecurityRestriction:\nBrowser-Widget can not access "
msg += srcDomain !== null
? "\"" + srcDomain + "\""
: "unkown domain";
msg += " from \"" + localDomain + "\".";
throw new Error( msg );
},
and we got here srcDomain ="localhost:80" and localDomain="localhost".
We are using RAP 1.4 from its release branch.
_checkIframeAccess() is called from Browser.execute() method and throws Error.
Best regards,
Yury.
|
|
|
| Re: [Browser] cross-domain-scripting is not handled [message #727991 is a reply to message #727944] |
Thu, 22 September 2011 10:34 |
| Eclipse User |
|
|
|
Hi Yury,
would you mind to open a bugzilla about this issue? We have to treat
"localhost:80" and "localhost" as same domain if scheme is http ( same
for "localhost:443" and "localhost" if scheme is https). As a
workaround, could you try to understand from where the port 80 comes in
the url and remove it.
Best,
Ivan
On 9/22/2011 12:22 PM, Yury wrote:
> Hi, Ivan.
>
> Here is Browser.js code:
>
> _throwSecurityException : function( domainUnkown ) {
> var statics = org.eclipse.swt.browser.Browser;
> var localDomain = statics.getDomain( document.URL );
> var srcDomain = domainUnkown ? null : statics.getDomain(
> this.getSource() );
> var msg = "SecurityRestriction:\nBrowser-Widget can not access "
> msg += srcDomain !== null ? "\"" + srcDomain + "\""
> : "unkown domain"; msg += " from \"" + localDomain +
> "\".";
> throw new Error( msg ); },
>
> and we got here srcDomain ="localhost:80" and localDomain="localhost".
> We are using RAP 1.4 from its release branch.
> _checkIframeAccess() is called from Browser.execute() method and
> throws Error.
>
> Best regards,
> Yury.
|
|
|
| Re: [Browser] cross-domain-scripting is not handled [message #728004 is a reply to message #727991] |
Thu, 22 September 2011 11:20 |
| Eclipse User |
|
|
|
Hi, Ivan.
I will try to investigate the cause of 80 port in the url and probably I will can to create a snippet or describe the problem clearly after that to open a bugzilla. Don't sure that it is a RAP problem and don't have enough time to investigate the problem now. Will look at this later. Anyway, thank you for help!
Best regards,
Yury.
|
|
|
Powered by
FUDForum. Page generated in 0.02893 seconds
] 
Search
Help
Register
Login
Home
