I have an iFrame at subdomain.somedomain.com and it is displayed on somedomain.com. I have control over both domains if changes need to be made on either side.
In the frame I load a form that exists on subdomain.somedomain.com. When the user types in the form there is a character counter to show how many characters have been typed. It functions by appending itself to the parent element based on a set of CSS IDs. This used to work, but I do not know when it stopped working.
I get "Uncaught DOMException: Blocked a frame with origin "https://subdomain.somedomain.com" from accessing a cross-origin frame."
I do not understand how this is cross-domain as both the site loaded into the frame and the script it is calling are both on https://subdomain.somedomain.com.
If someone can please help understand what needs to happen for a script to run on the page loaded in a frame I would appreciate it.
I am not sure it makes a difference but this is all happening on Drupal. I have changed the X-Frame options so that the page can be loaded in the frame at all.
Thanks,
Josh
It turns out I parent.scrollTo(0,0); in my code which is a clear violation of cross-origin policy. I think this out and it works like a charm.
Related
I'm using the fetch API to display a webpage inside of a floating widget. The page has a form on it that uses viewstate. It works fine if the widget is on the same domain as the page I'm fetching, but if I put the widget on a different domain, then I get an invalid viewstate error. I have tried several things to resolve the issue, but none work. Does anyone know if it's possible to get this working?
No. If by your definition of widget you mean something like an iframe then this would cause issues regarding XSS if you are trying to manipulate data between the parent frame and iframe, it wouldn't if the domain was the same though due to the same-origin policy.
I'm trying to pull up data (for scraping purposes) from a certain website. The data I need is in an iframe and it's much faster to just load up the iframe rather than the entire site. I can access the iframe directly no problem however it does not include any filtered results which the user would normally control through the form. Clearly the form is posting something to the iframe to tell it which results to display. However, as I cannnot see the full URL I don't know exactly what it's passing.
I tried to poke around the source but haven't been able to figure it out, is there something specific I should be looking for?
Thanks
I'm working on an ASP.NET web application. There's a bill page which has two links to different pdfs of the same bill. When you click on one of the links it takes you to a ViewPDF.aspx page that shows the pdf. There's also an option to view both in a split screen so that you can compare them. When you click on this link it takes you to BillSplit.aspx which has a frameset and two frames that both point to ViewPDF.aspx. This all works perfectly.
The problem is that if an error occurs while pulling up the pdf. The application has an error page that has a few links back into the application. If you use one of these you can go back into the app and continue but now inside the frame. The URL still says BillSplit.aspx but the application is completely unaware of this since frames are HTML elements not asp.net controls.
What I would like to do at this point is detect that you've returned to the application and close the frame you aren't using. Essentially I'd like to redirect you away from BillSplit.aspx and to the page you're actually requesting. I'm pretty sure this would need to be done in Javascript either on the BillSplit page or on the pages that you go to later.
So I guess what I'm asking is, is there a way to ensure that the BillSplit.aspx page and it's two frames point only at ViewPDF.aspx? Thanks!
if both the page and the frames inside the frames are on the same domain.
you can maybe register a startup script when you get to the error page.
what the script will do is something like checking if he is inside a frame
with something like with the top.document anyway if it does you can then
redirect in the client to another page you want.
or even to the error page.
this way it wont display inside frames.
will that help?
I have an asp.net C# .net 3.5 page which contains several user controls. I am noticing that sometimes the html loaded on the browser is incomplete. It seems to get cut-off.
Any suggestions on how to troubleshoot whats the root cause?
This can be symptomatic of server errors or proxy problems. I would use Fiddler to check what's going back and forth between your browser and the server. If you are getting any 500 (server error) response codes, that would be a good place to look.
Another thing to check would be javascript errors on the page, because depending on what your javascripts are doing, errors can prevent loading of other content in some cases.
womp probably has most of the bases covered, but the other angle that can lead to issues like this would be exceptions getting eaten but causing processing to stop, thereby sending half the page or somesuch.
Verify that your HTML is being written to the page by viewing the source code of the page after it loads. My guess is that the HTML that is being output is invalid, and that the browser isn't able to properly display it. Make sure all your HTML tags are properly closed and balanced.
It could also be an issue with the request being ended midway through. Try removing one control at a time from the page and see if the situation improves. If it does, you'll know which control is to blame.
It is quite unlikely that it is the same problem, but I had that happen before where the page had a custom filter attached to response.filter which reformatted the output to fix up some dotnet SEO problems. And the one we wrote had a bug where one regular expression consumed a bit too much copy in some instances and broke the output
I'm trying to run a multivariate test across 3 pages, google says this should be ok, as long as you use the same section names, it doesn't care about the url so much.
so I have checked in google optimizer, it says all my scripts are set up correctly.
Also the strange thing is it DOES work, it replaces the content, but it never ever saves a cookie, so when you get to the next page, or even just refresh the same page, you might get a different variant.. Which obviously shouldn't happen.
I'm pulling my hair our here, any help would be appreciated.
I had the exact same problem. I've run several tests with GWO and never had this issue. However, with my latest MVT, at first I wasn't seeing GWO even set the cookie. Then, it started setting the cookie but was not able to read the cookie.
Although I am running a sitewide, MVT, I am not running it across multiple domains. However, in order to get GWO to set and read the cookie correctly, I found that I needed to use some of the code required for sitewide tests that span multiple domains. Here is the google article on cross domain tracking:
http://www.google.com/support/websiteoptimizer/bin/answer.py?hl=en&answer=151978
According to the Google WSO API, by default, GWO is setting this property:
gwoTracker._setDomainName("auto");
For whatever reason, it was my experience that this was not happening and by making this call explicitly in my code, it fixed the problem! This call needs to be added to both your Tracking Script and your Conversion Script.
Again, I've never experienced this with any of my other GWO tests, so it was kind of weird to have it happen out of the blue but explicitly making this call fixed this problem for me. Good luck.