I am working on adding a very old web application to a site. We have to display the web application in an iframe on the site. When using Internet Explorer 11, the web application will display in the iframe without an issue. It should be noted that this is an old web app
Chrome and Edge on the other hand will display an error in the developer console: Refused to display '{APPLICATION_URL}' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors {SERVER_NAME}".
One thing to note is that this will not always happen in Chrome and Edge. I'd say about 80% of the time I will receive the error, but 20% of the time the application will load fine in the iframe and have no issues. This makes me think that maybe the issue is specific to a group of servers on our farm, but am unable to prove that.
I have very limited visibility over our servers here, but I can get someone else get me more information if that is needed.
I found the solution for this. One thing to note: Internet Explorer does NOT support the Content-Security-Policy header. That is why this worked in IE 100% of the time. IE was unable to do anything with that header, so it just loaded the app like it thought it was supposed to.
I was able to work with some people who have access to the servers that the web application is hosted on. I found the problem was caused by an IIS setting for the default site that the applications on this one server belong to.
There are two servers that host the application, and a load balancer will direct you to a server depending on traffic. One of the servers added an HTTP header for the content security policy to all outbound traffic for the applications on the server. This explained why sometimes the app would load fine, and other times it would fail.
Related
I've developed an website in Asp.net using VB. One of the requirements was for a qlikview to be displayed.
It's under a type of report hub, where I've got a list on the side of the page where the user can select a report and the rest of the page is an iframe. When the user selects a report, a javascript function is fired which sets the address of one of the reports into the iframe. The reports are all on their own page so I'm basically calling the page from the same domain and showing it in the iframe, no issue here. The problem comes when I've got to display the Qlikview which is hosted on another server.
This throws an error in the inspector but it still displays fine, it works like this on Chrome, Edge, Explorer and Firefox.
The issue comes with Safari, it blocks the authentication request because it is a cross-origin request.
I've tried the answer from this question. I've tried changing the domain name as listed here.
I've tried allowing cross origin access as listed here, but it didn't help.
I'm still very new to this, so i apologize if this is a simple solution.
Take a look here - Maybe this can help you
Using cors with all modern browsers
If it is working ok on Chrome and Firefox it is set ok on server. Qlikview officially support IE and Chrome. Safari have some issue with headers.
If you host your add-on (what is in iframe for Qlikview) on S3 for example for Safari you need to allow origin header, probably on different hostings something similar:
<AllowedHeader>origin</AllowedHeader>
Workaround is also that on Qlikview server it can use IIS for displaying Qlikview access point. If you want you can just go to IIS settings on Qlikview server and just set folder where you deploy your add-on pages so this way it can be configured that both will be served from the same domain (your add-on and qlikview access point). There is also Qlikview server configuration without IIS with Qlikview Web Server which will not allow to deploy another site.
I am supporting ASP.NET application running on 3 web servers and have F5 system as firewall and load balance. Actually I don't have experience at all in F5 system but the following issue seems to be related to it
The issue happened after we applied F5 load balancing. Simply it cause JavaScript in the web page to fail sometimes. After refresh the web page it will work fine
To trace the issue I compared the response that fail and the one that success after refresh. The difference was the failed one contains html tag that is not added by our application apm_do_not_touch with a script tag inside it
It seems that happen when the F5 switch between one server to another one as the issue solved when we redirect all the traffic to only one server
Any advice, what is the possible cause and how we can solve it?
APM is F5's Access Policy Manager module and is used for VPN, Web Portals, and federated authentication. The apm_do_not_touch tag is part of this product and is used when you want to prevent the APM module from rewriting portions of HTML such as external links.
If you're not accessing the application through a web portal, this should not be applied and you'll need to work with whomever setup the access policy to resolve as the APM policy is being applied to your application possibly erroneously.
Here is more information on the apm_do_not_touch tag. Depending on your version, there was a known issue for #cc_on in F5 BIG-IP version 11.1 who's workaround was to prevent the APM module from rewriting that command. The same workaround may pose a solution for you. Either way, there are additional complexities to your client traffic flow that you will need to engage your network team/BIG-IP administrators with to ensure your application and their policies don't clash.
It could be as simple as removing the APM policy from your application's pathway but your admins will be able to identify if it's required for external access or reverse proxy requirements.
I am developing a .NET application for my clients. One of my pages I have included a RadDatePicker and several other input methods. When I run my project it occurs an error only in Internet Explorer web browser (IE version 11.0.9600.18282).
When I access to the web page from the local host it displays the page as the top part of the image below which is correct.But if I access my localhost from another computer that is connected to the same network, it displays the web page as in the second part of the image with some errors in the style.
I already checked the versions of both web browsers and rendering models and compatibility view settings and still I have no idea where it went wrong.
Can you please help me with that.
I have researched quite a bit and found no answer so I decided to make a post on this.
I have a fully working SharePoint 2010 Site Collection with some CSS and JavaScript resources to customize the look and feel of the site.
Everything is checked in and published and the site was working fine until we load balanced the two Frontend Servers.*
The problem is that, if - and only if - the site is opened through the load balancer, everyone gets some disrupted design issues AFTER clicking Internet Explorer (8) refresh button.
Moreover, SharePoint Designer does not work while using the LB as well:
"An error occurred accessing your Microsoft SharePoint Foundation site files. Authors - if you are authoring against a Web server, please contact the Webmaster for this server's Web site. WebMasters - please see the server's application event log for more details."
So this situation is not a problem on the following situations:
Open the site inside any of the servers or using a direct hosts entry to one of the servers (not using the Load Balancer)
IE10+ or another browser is used
Ctrl+F5 on IE8 using the LB
Similar (unanswered questions):
http://www.networksteve.com/enterprise/topic.php/Styles_&_JSs_loading_errors_in_load_balancing_sharepoint_farm_wh/?TopicId=49098&Posts=3
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/279b72ba-ede4-44b1-8429-1f2ff4d80c32/401-unauthorized-error-while-connecting-to-web-service-sharepoint-ipfs?forum=sharepointcustomizationlegacy
Note:
Fiddler does not show any relevant output, apart for some suspicious 401s that also appear when the site works
ULS Logs do not show any relevant authentication, permissions or other entries when the issue happens
As any medium/large company with intranet restrictions, we really need to support IE8. Also, SharePoint Designer does not work even if IE10 is installed.
the frontend servers were behind an F5 load balancer.
for some reason, sites rendered through the LB were displaying with IE7 rendering.
the solution was to add IE7 support to the branding solution, although it could work with a local browser tweak (unchecking "show intranet sites in compatibility mode").
I now tend to ask that LB caches are cleared whenever I have FE specific design problems
I developed a website and published it on a LAN computer running IIS 6.0 all through my testing phase to make sure it looked correct and worked with all browsers. I heavily used CSS for my layout, a small amount of javascript and ASP only for Server Side Includes. The layout was tested in Chrome, Firefox, Opera, IE8 and Safari. All working as intended.
When I went to upload my completed website onto my domains host, the website came out looking completely different as well as the css drop-down menu not working. The following URL shows the differences (sorry both screen caps are combined because of link limit on SO):
Pic
After investigating a little bit, I discovered that hosting site runs Apache as their server. I also ran the ASP command Request.ServerVariables("SERVER_PROTOCOL") on both hosts and discovered that my IIS testing host returned SERVER_PROTOCOL: HTTP/1.1 while the Apache host returns SERVER_PROTOCOL: HTTP/1.0
I am somewhat stuck on where to go from here. Is this difference in server protocols causing my css to be interpreted incorrectly on the Apache server? Can I do anything about it considering my domain hosted server is out of my control? Am I completely off track and should look elsewhere?
CSS is interpreted by the browser, not the web server. The problem probably has to do with the way your hosting provider supports ASP sites (if it supports that at all).
This smells like wrong file references.
Are you sure the live server is not just getting a fatal error and aborting the execution of the page?
Have you checked your error log in your host control panel?
there could be some \ (backslash) instead of / (slash) in some path definition. IIS interprets backslash or slash in the same way (Apache doesn't).