Get blocked url emitted from iframe in the parent - iframe

I have an iframe that has html/scripts injected into it that I have no control of. This iframe is part of a webview that we use in a mobile app so all redirects that occur need to go through the native levels. This is why popups need to remain blocked.
I see the URL of the new location in the console whenever I try to navigate away:
Blocked opening 'https://www.newwebsite.com/' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.
Is there someway to intercept the URL that is blocked from within the parent?
I have tried adding click event listeners to the <a> tags which solves some of my problems but this does not work for window.open calls.
Any tips or advice is would be very helpful. Thanks!

Related

CefSharp browser refreshes after it loses its parent

So, I have a ChromiumBrowser inside a Windows Form in VB.net.
That form is atached to the "main" parent of the application. When the From is stripped from its parent, it becomes undocked and can be moved outside of the main form. But the moment the parent is removed, the browser is refreshed and I don't want it to do that.
I implemented IResourceHandler to check what method is being called but now the browser won't work because it doesn't know how to handle anything.
Is there a specific handler where I can intercept that call?
Any info is appreciated.
EDIT: Ok, so after reading #amaitland 's comment I changed the URL that I was using to instead load google, and after undocking the form it looks like it is refreshing, but manages to keep the page where it was.
The weird thing is, the default browser does not behave like this.

Backbone Project, How to navigate back when there is a iframe within the view?

How to navigate back when there is a iframe within the view?
After user clicks on a link to other pages from within the iframe, the browser history gets append on to it as well so that I cant use "window.history.back()" to go back, since "-1" will take user back within iframe and not the actual app itself.
What is a good way to solve this so that when back button pressed its the previous "route" and not the history of iframe history?
try doing something like this, from the Iframe:
window.top.history.back();
or
back to backbone app
This way you are accessing the Iframe's parent window history, not the Iframe itself. As long as you navigate to the Iframe from your SPA, this should work.

flex 4.6 set browser url like window.location for pages within same base url

flex 4.6
seems like a noob Q. but I would like to change the browser url page not domain, from http://myUrl.com/page1 to http://myUrl.com/page2. I have tied IBrowserManager .setFragment(page2) this seems to add to the existing url http://myUrl.com/page1#page2.
Is there a way to do this?
I am looking to do two things,
reset the application to its load state if the user logs out or session ends etc - ie reload the page and start again http://myUrl.com/page1
as the site will not be updated in one go, if the user reaches the end of the app and needs to navigate to a html page from the app loaded via page1 http://myUrl.com/page2.
Thx
Art
BrowserManager is supposed to manage application states and support inner history of Flex application. setFragment method controls only url part after #, which actually doesn't reload the page. What you need is navigateToURL function.
navigateToURL("http://myUrl.com/page2", "_self");

Server-side detection that a page is shown inside an IFrame

Is it possible to determine - server-side - whether a page has been loaded within an IFrame?
When certain errors happen in my application the user gets redirected to Default.aspx and an error message is shown. The text of that error message gets set in session by exception handling code. The error message gets cleared from session once it has been shown.
However, part of my application has to use an IFrame (it's doing a 3D Secure card payment check, which mandates an IFrame in order to display the card provider's authentication UI). If an error takes place during this process my redirect takes effect within the IFrame. I am using JavaScript to detect this and reload Default.aspx correctly, but this means that I get two Page_Loads in rapid succession, and the error message only gets shown on the first one (and then cleared).
You can do it in client side: How to identify if a webpage is being loaded inside an iframe or directly into the browser window?
The workaround i found is put some identifier into querystring of a url opened inside iframe.
I don't think you can detect in the sense of having some sort of Page.IsInIFrame() kind of functionality, but you could consider having different base classes for those pages that are loaded in an IFrame and those that aren't so that you can know the error is from a request that was for an IFrame page that may help to some extent.
There's no way from the server-side. The only way is via javascript. When you do the redirect, can you pass the error message or code via a querystring?
Won't it work to redirect using Javascript with window.location? Forcing a full page redirect?
This is impossible because client can open iframe with javascript disabled. http://caniuse.com/#feat=iframe-sandbox
simply, check the url of current page..
if it's the same with the IFrame page then redirect to Default.aspx or whatever.
Dim urlpath1 As String = HttpContext.Current.Request.Url.AbsoluteUri
If Right(urlpath1, 13) = "WebForm1.aspx" Then
Response.Redirect("~/")
Else
Response.Write("It's OK!")
End If

How to disable browser postback warning dialog

I have an asp.net application that runs exclusively on IE7 (internal web site).
When a user needs to enter data, I pop up a child window with a form. When the form closes, it calls javascript:window.opener.location.reload(true) so that the new data will display on the main page.
The problem is that the browser complains that it must repost the page. Is there any way to turn this feature off?
No, but there is a solution. Its generally considered good design to use a 302 redirect immediately after someone posts data to a page. This prevents that popup from ever occuring. Allow me to elaborate.
1) The user fills in a form and submits data via POST.
2) The backend receives the data and acts upon it.
3) Instead of returning the content to the user, the backend issues a 302 redirect as soon as its done processing the page (possibly redirecting the user back to the exact same url, if need be)
4) The page that the user will see is the page you told their browser to redirect to. They will load up the redirected page with a standard GET request. If they try to refresh the page, it will not repost the data. Problem solved.
This is a problem with the usual "postback" way of ASP.NET. If you need to reload a page without this warning, this page must come from a GET, not a POST. You could do a Response.Redirect("...") yourself. But this will destroy the use of viewstate.
asp.net mvc fixes this issue, not an ie7 only problem but a security feature of most browsers. No fix that I know of except you could just update the content in the main form with js rather than reloading the whole page
It's because the page in window.opener comes from a POST Request
Maybe you can use
javascript:window.opener.location = window.opener.location; to do just a GET request if the data can be fetched without a POST.
I do not believe that there is a way to do that. Instead, why not direct the parent window to a page without a reload.
javascript:window.opener.location='your url'
AFAIK, not via your scripts.
You might try:
window.opener.location = '#';
It should circumvent the browser reposting. And, you can adjust the hash name as needed.
If you move from page1 to page2, and want to disable the browser from going back to page 1,then add the following at the top of page1.
<script>
if(window.history.forward(1) != null)
window.history.forward(1);
</script>

Resources