How to avoid JS domain rules in a controlled env? (IE)

Hey,

I'm doing some web applications, and in one of them, I want to open a
page, from another domain. This is running internally, with full
control over the environment. However, even adding the two domains in
question to the trusted sites list will not let anything work.

I looked through the security settings for IE, and I don't see anything
in there that seems pertinent, except for the "data sources" one, which
I suspect is that IE4 data stuff.

The actual code opens the foreign popup in a modal dialog (IE only,
etc), and I then set the returnValue of the dialog, which is then
returned to the calling script.

Is there ANY way, any combination of settings, that will let me mess
with pages from other domains?

Regards,
Svend

Jul 23 '05 #1


Svend Tofte wrote:

> Is there ANY way, any combination of settings, that will let me mess
> with pages from other domains?


Write a HTML application (HTA) then, start with saving your local .html
file as .hta instead, that way you can access the DOM of documents
loaded in frames. But I am not sure what happens with a modal dialog in
that case, be careful to check that the URL loaded in the dialog does
not have application rights too if you load stuff you do not control.
HTA application docs are here:
<http://msdn.microsoft.com/library/default.asp?url=/workshop/author/hta/hta_node_entry.asp>

--

Martin Honnen
http://JavaScript.FAQTs.com/
Jul 23 '05 #2
"Svend Tofte" <st****@gmail.com> wrote:
news:11*********************@o13g2000cwo.googlegroups.com...

> Hey,
>
> I'm doing some web applications, and in one of them, I want to open a
> page, from another domain. This is running internally, with full
> control over the environment. However, even adding the two domains in
> question to the trusted sites list will not let anything work.
>
> I looked through the security settings for IE, and I don't see
> anything in there that seems pertinent, except for the "data sources"
> one, which I suspect is that IE4 data stuff.
>
> The actual code opens the foreign popup in a modal dialog (IE only,
> etc), and I then set the returnValue of the dialog, which is then
> returned to the calling script.
>
> Is there ANY way, any combination of settings, that will let me mess
> with pages from other domains?
>
> Regards,
> Svend

http://jibbering.com/2002/4/httprequest.html

IE only with full control over the environment, XMLHTTPRequest may just get you there.
--
BootNic Thursday, July 07, 2005 5:31 PM

You can discover what your enemy fears most by observing the means he uses to frighten you.
*Eric Hoffer*

Jul 23 '05 #3
BootNic wrote:

> IE only with full control over the environment,
> XMLHTTPRequest may just get you there.


XMLHTTP may be able to perform cross-domain calls, but the popup is for
the user to browse and select some information. It is this selecting
and browsing which is inside the popup, which is on another domain. I
need to return the result to the opener, if at all possible.

I was reading up on IE, and it seems that if the two domains exist as
subdomains of the same domain (such as alice.foo.com and bob.foo.com),
you can get access by setting the domain property to foo.com in both
windows. However, as this lives as an internal webapp, the URLs are
merely http://webapp1 and http://webapp2, no common "parent" domain.

Routing information via the backend (which XMLHTTP will essentially do)
is to way overengineer the solution. We can, if need be, stick it on
the same domain after all.

But the question still remains, how to get access, assuming IE only,
and control over environment. And, if one cannot, to assert that fact.

Regards,
Svend

Jul 23 '05 #4
Jc
Svend Tofte wrote:

> <snip>
> I was reading up on IE, and it seems that if the two domains exist as
> subdomains of the same domain (such as alice.foo.com and bob.foo.com),
> you can get access by setting the domain property to foo.com in both
> windows. However, as this lives as an internal webapp, the URLs are
> merely http://webapp1 and http://webapp2, no common "parent" domain.
>
> <snip>

If the two machines are physically on the same domain (I'm assuming
you're referring to the lack of a common domain in the URL only), you
can likely still use this domain setting, just start accessing the
URLs with fully qualified names instead of only the machine name:
http://webapp1.domain.com and http://webapp2.domain.com.

AFAIK, this domain setting in IE is the only way to get around the
security. Another technique that would work though, is to make both
sites appear to be coming from the same machine. For example, you could
run software on webapp1 that allows requests to be made to webapp2
through a special URL to webapp1, where a server-side application makes
the request on behalf of the user.

There are possibly hardware solutions that can do this as well (serve
content from multiple machines based on URL).

Jul 23 '05 #5
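
The domain-property rule discussed in this thread, as an added example that is not part of any poster's message: a simplified model of the same-origin check showing why alice.foo.com/bob.foo.com and the fully qualified webapp1.domain.com/webapp2.domain.com can be relaxed to a shared parent, while the single-label hosts webapp1 and webapp2 cannot. The helper names (`makeWindow`, `setDomain`, `canScript`, `scenario`) are hypothetical, and the "must contain a dot" test is an assumed stand-in for the browser's own top-level-domain restriction.

```javascript
// Simplified model of the same-origin check and the document.domain relaxation.
// Assumptions (not browser source): "must contain a dot" stands in for the
// browser's top-level-domain restriction; ports matter only when unrelaxed.

function makeWindow(url) {
  const u = new URL(url);
  return { scheme: u.protocol, host: u.hostname, port: u.port, domain: null };
}

// Models assigning document.domain: only the current host or one of its
// parent suffixes is accepted; anything else is refused.
function setDomain(win, value) {
  const current = win.domain || win.host;
  const isSelf = value === current;
  const isParent = value.includes(".") && current.endsWith("." + value);
  if (!isSelf && !isParent) return false;
  win.domain = value;
  return true;
}

// True when script in window a may touch the document in window b.
function canScript(a, b) {
  if (a.scheme !== b.scheme) return false;
  if (a.domain !== null || b.domain !== null) {
    // The relaxation counts only if both windows opted in to the same value.
    return a.domain === b.domain;
  }
  return a.host === b.host && a.port === b.port;
}

// Hypothetical helper: try to relax both windows to `shared`, report the result.
function scenario(urlA, urlB, shared) {
  const a = makeWindow(urlA), b = makeWindow(urlB);
  const before = canScript(a, b);
  const okA = setDomain(a, shared);
  const okB = setDomain(b, shared);
  return { before, accepted: okA && okB, after: canScript(a, b) };
}

console.log(scenario("http://alice.foo.com/", "http://bob.foo.com/", "foo.com"));
console.log(scenario("http://webapp1/", "http://webapp2/", "webapp1"));
console.log(scenario("http://webapp1.domain.com/", "http://webapp2.domain.com/", "domain.com"));
```
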
