Scenario: Our client, Epic, requires all their vendors to run web applications within their own application called "Hyperdrive" - which in turns runs everything within an iframe.
So in essence all of their internal clients access my Angular web app within an iframe running in Hyperdrive.
It's mostly running as expected, except for a few features. One is where we render a PDF file within our own iframe. This gets BLOCKED with a cross-origin error.
Here's the Html markup for the iframe:
<iframe width="100%" height="100%" [src]="secure_url" frameborder="0"><iframe></iframe></iframe>
The weird thing is that it's NOT loading from a separate origin. The domain is the same.
Yet I can't load the contents of my iframe.
Running the Epic tool locally on my box, here is says "SAME ORIGIN" - i.e. devapp01.to...hy.com
Related
I am using Cypress to write e2e automation tests for a web application containing iframes. The web application contains multiple hidden iframes. After I log into the application, Cypress does not display the correct iframe. Instead, it displays a hidden iframe. Is there any way to handle the iframe selection by Cypress?
Most of the questions were related to targeting elements inside iframes. I found no questions related to loading of webpages using iframes.
EDIT:
Please note: My issue is not related to https://github.com/cypress-io/cypress/issues/136
I here official information about iframe issue :
https://docs.cypress.io/guides/references/known-issues.html#Iframes
Copied and paste :
You cannot target elements or interact with anything in an iframe - regardless of it being a same domain or cross domain iframe.
This is actively being worked on in Cypress and you’ll first see support for same domain iframes, followed by cross domain (they are much harder to do).
Issue URLs :
https://github.com/cypress-io/cypress/issues/136
I'm Trying to make a simple web browser in node-webkit, to polyfill features that Chromium doesn't support yet (time element, etc). I have had success in listening for the iframe.onload event and then appending a script tag with the polyfills, but this still means that features that I've polyfilled won't be detected by Modernizr or other feature detention.
I've tried loading the page using the http node module, appending a script tag and then turning the page source into a data URI for the frame but data uris essentially turn external pages into static html with no scripting, which renders many web pages unusable.
Also, loading a page through node's http module is proving extremely slow compared to loading through an iframe.
So, is there any other way? Ideally I run a script in the iframe before any other scripts are run.
Yes, I am using nwfaketop and nwdisable on the iframe.
The 'document-start' event should be helpful. See https://github.com/rogerwang/node-webkit/wiki/Window#document-start
See also Window.eval() in https://github.com/rogerwang/node-webkit/wiki/Window#windowevalframe-script
I am trying to simulate a cross origin site. Meaning I shouldn't be able to make ajax request from site A to site B since the browser will not naturally allow me to do so because of their cross-origin policy.
What are the tools I can use in this regard? Or are there any hacks?
What I've tried so far: I've opened a visual studio solution. It has two asp.net web form projects. One web project (say A) simply hosts a form with a file input control and a submit button. The other project B has a simple aspx page, which contains an iframe which loads site A inside of it.
I ran project B, and, in the browser console window, I did something like this:
var ifr = document.getElementById('myiframe');
console.log(ifr.contentWindow.document.body.innerHTML);
The console window displays the markup of site A's page which is loaded in the client's iframe.
Clearly I've failed. But is there I way I can do it on one machine.
Well, a bit of digging shows that you can achieve this feat is by modifying your hosts file (C:\Windows\System32\drivers\etc\hosts) as mentioned in the post below:
How do i map http://localhost:8080 to http://mysites in iis7?
I was trying to show Google Plus page for certain place in my AIR application using HTML control but HTML control displays page with error code 400. Same url can be opened in browser without any errors. I have also tried to load content using URLLoader and got same error 400.
What can be different between browser and AIR? Is it possible that Goole can detect out of browser http requests and prevent them?
The website may be blocking the following:
Frame attempts
Specific User Agents
Unknown User Agents
References
Are you using a robots.txt File?
Clickjacking Security Advisory
I've seen this SO posting about using iframe's and doing postMessage: Metro App and iFrame cookie. I'm trying to do something very similar in Win8 Release Preview with an HTML/JS Metro application, but it seems rather impossible to replicate the behavior in that solution.
I have a simple frame stored in a remote location as:
<!DOCTYPE html>
<html>
<body>
<script>
window.onmessage = function(e) {
alert("Hello world");
debugger;
};
</script>
</body>
</html>
In my default.html I have a div that contains the iframe as follows:
<div id="container">
<iframe id="frame" src="https://dl.dropbox.com/u/75275447/win8Frame.html"></iframe>
</div>
I have an arbitrary button that executes a postMessage on #frame and would in a normal Html site trigger the remote frames onmessage, but instead I can look at the error list in VS and see:
APPHOST9613: The app couldn’t navigate to
https://dl.dropbox.com/u/75275447/win8Frame.html because of this
error: RESOURCE_NOT_FOUND.
I have tried looking into any manifest that might allow me to achieve this and enabled:
Home or Work Networking
Internet (Client & Server)
Internet (Client)
To no avail... I have also tried having a frame (local to the application) loaded into the web contenxt (via ms-wwa-web://) that contains a div that hosts the remote iframe and chain up onmessage to forward a postMessage to the remote iframe, but again I see another error:
APPHOST9624: The app can’t use script to load the
ms-wwa-web://frame.html/ url because the url launches another app.
Only direct user interaction can launch another app.
I'm beginning to think this is an impossible task.
The one piece of information I leave out as I considered it unrelated to this issue was an error found in the javascript console related to using Jquery that I found a solution in another SO post. Clearing up that issue now allows the app to load the remote iframe and I can press the button and see the message reach the remote iframe's javascript (in my case I see alert() being undefined, but I was just trying to prove that I could load and execute remote code).
I guess the moral of the story is clear up related javascript console errors...