I've developed an website in Asp.net using VB. One of the requirements was for a qlikview to be displayed.
It's under a type of report hub, where I've got a list on the side of the page where the user can select a report and the rest of the page is an iframe. When the user selects a report, a javascript function is fired which sets the address of one of the reports into the iframe. The reports are all on their own page so I'm basically calling the page from the same domain and showing it in the iframe, no issue here. The problem comes when I've got to display the Qlikview which is hosted on another server.
This throws an error in the inspector but it still displays fine, it works like this on Chrome, Edge, Explorer and Firefox.
The issue comes with Safari, it blocks the authentication request because it is a cross-origin request.
I've tried the answer from this question. I've tried changing the domain name as listed here.
I've tried allowing cross origin access as listed here, but it didn't help.
I'm still very new to this, so i apologize if this is a simple solution.
Take a look here - Maybe this can help you
Using cors with all modern browsers
If it is working ok on Chrome and Firefox it is set ok on server. Qlikview officially support IE and Chrome. Safari have some issue with headers.
If you host your add-on (what is in iframe for Qlikview) on S3 for example for Safari you need to allow origin header, probably on different hostings something similar:
<AllowedHeader>origin</AllowedHeader>
Workaround is also that on Qlikview server it can use IIS for displaying Qlikview access point. If you want you can just go to IIS settings on Qlikview server and just set folder where you deploy your add-on pages so this way it can be configured that both will be served from the same domain (your add-on and qlikview access point). There is also Qlikview server configuration without IIS with Qlikview Web Server which will not allow to deploy another site.
Related
I have some videos hosted on my server and a third-party application using those hosted videos in their web application. I am using the IIS server and provide the URL to access those videos which they(third party) used on their web page as a video source.
The problem is the link I provide them is using HTTP protocol but their application is using HTTPS protocol before chrome update it is working fine. Since the update to Chrome version 80 when they click on the play button the requested link is converted automatically from HTTP to HTTPS and didn't play the video.
To explain it more they have a webpage and on that page, they are using video tag and as a source to that video tag, they are using my hosted video links that use HTTP.
I saw the update about same-site in cookies in new chrome 80 but didn't understand does it needs to be done on my site or the other party.
So my questions are should I change my protocol to HTTPS?
Can I add a cookie through IIS (I know something about URL-Rewrite but don't exactly know what to do)?
Did I need to add a cookie through IIS?
Hopefully I am able to explain it properly. Sorry in advance if it is still ambiguous.
Thanks for help
I am working on adding a very old web application to a site. We have to display the web application in an iframe on the site. When using Internet Explorer 11, the web application will display in the iframe without an issue. It should be noted that this is an old web app
Chrome and Edge on the other hand will display an error in the developer console: Refused to display '{APPLICATION_URL}' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors {SERVER_NAME}".
One thing to note is that this will not always happen in Chrome and Edge. I'd say about 80% of the time I will receive the error, but 20% of the time the application will load fine in the iframe and have no issues. This makes me think that maybe the issue is specific to a group of servers on our farm, but am unable to prove that.
I have very limited visibility over our servers here, but I can get someone else get me more information if that is needed.
I found the solution for this. One thing to note: Internet Explorer does NOT support the Content-Security-Policy header. That is why this worked in IE 100% of the time. IE was unable to do anything with that header, so it just loaded the app like it thought it was supposed to.
I was able to work with some people who have access to the servers that the web application is hosted on. I found the problem was caused by an IIS setting for the default site that the applications on this one server belong to.
There are two servers that host the application, and a load balancer will direct you to a server depending on traffic. One of the servers added an HTTP header for the content security policy to all outbound traffic for the applications on the server. This explained why sometimes the app would load fine, and other times it would fail.
I am implementing a bookmarking service (think Instapaper) using Firebase as a back end. Mostly it's working great, however I'm running into one major problem.
A core part of the service will be a bookmarklet that allows users to bookmark pages they are currently viewing in their browser (again, like Instapaper's: https://www.instapaper.com/save).
The first problem I encountered when implementing this was that even when a user is logged in on my firebaseapp.com page, that user was not showing up as authenticated when the javascript from the bookmarklet was fired. I figured out this was most likely due to cross-domain issues, so I next implemented an iframe-based solution. The idea being that the url of the iframe is hosted on my firebaseapp.com site, allowing the currently-logged-in user to show up as authenticated.
This works great in Chrome and Firefox but fails in Safari when the security setting for cookies and website data is set to "Allow from websites I visit" rather than "Always allow" (asking users to switch that setting to "Always allow" is not practical).
Is there any solution to this problem? Forcing users to log in every time the bookmarklet is clicked on a new domain would be highly inconvenient. I'm basically out of ideas at this point (and starting to get out of my depth on the web dev side of things).
Thank you so much for any help!
I have researched quite a bit and found no answer so I decided to make a post on this.
I have a fully working SharePoint 2010 Site Collection with some CSS and JavaScript resources to customize the look and feel of the site.
Everything is checked in and published and the site was working fine until we load balanced the two Frontend Servers.*
The problem is that, if - and only if - the site is opened through the load balancer, everyone gets some disrupted design issues AFTER clicking Internet Explorer (8) refresh button.
Moreover, SharePoint Designer does not work while using the LB as well:
"An error occurred accessing your Microsoft SharePoint Foundation site files. Authors - if you are authoring against a Web server, please contact the Webmaster for this server's Web site. WebMasters - please see the server's application event log for more details."
So this situation is not a problem on the following situations:
Open the site inside any of the servers or using a direct hosts entry to one of the servers (not using the Load Balancer)
IE10+ or another browser is used
Ctrl+F5 on IE8 using the LB
Similar (unanswered questions):
http://www.networksteve.com/enterprise/topic.php/Styles_&_JSs_loading_errors_in_load_balancing_sharepoint_farm_wh/?TopicId=49098&Posts=3
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/279b72ba-ede4-44b1-8429-1f2ff4d80c32/401-unauthorized-error-while-connecting-to-web-service-sharepoint-ipfs?forum=sharepointcustomizationlegacy
Note:
Fiddler does not show any relevant output, apart for some suspicious 401s that also appear when the site works
ULS Logs do not show any relevant authentication, permissions or other entries when the issue happens
As any medium/large company with intranet restrictions, we really need to support IE8. Also, SharePoint Designer does not work even if IE10 is installed.
the frontend servers were behind an F5 load balancer.
for some reason, sites rendered through the LB were displaying with IE7 rendering.
the solution was to add IE7 support to the branding solution, although it could work with a local browser tweak (unchecking "show intranet sites in compatibility mode").
I now tend to ask that LB caches are cleared whenever I have FE specific design problems
Is there a way to bypass/ignore/disable certificate errors ? I'm encountering this on IE8 and the server is using IIS 7. The situation is I created a asp.net website and Im accessing this website using "https". My other website got no problem with this scenario but my other website does. I just want to do the trick within web.config or any other way except (server side code, creating Self Signed certificate, redirecting the website).
Thanks In Advance!
why are you seeing error to begin with? if you don't have certificate installed then make sure your not using HTTPS anywhere on your site.
its browser based...you can not control the warning message.
In IE follow the steps below. It works for me.
Click Tools and select Internet Options
Click the Security
Select "Trusted Sites" icon and set the Security level to "Medium Low".
Close all the Windows. Then open the browser.