ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John.Bork <John.B...@target.com>
Subject RE: Ambari Views Error
Date Tue, 24 Mar 2015 13:56:11 GMT
That is what I am doing now. I guess my question is whether this should be reported as a bug/vulnerability
because it still follows the link in this setup, which like you said is a security vulnerability.
If I were to put the link within the body tag (not in the bootstrap table), it does not follow
the link. I feel that this is what should happen when it is in the bootstrap table rather
than still following the link and changing the iframe height.

- John

From: Srimanth Gunturi [mailto:sgunturi@hortonworks.com]
Sent: Monday, March 23, 2015 4:36 PM
To: user@ambari.apache.org
Subject: Re: Ambari Views Error


Hi John,

It is generally intended that the views-area of Ambari-Web UI will show only views. Attempting
to show some other website in there will result in Ambari-Web hitting security exception (as
you have), due to ambari-web javascript trying to change some other website - https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy



It might be better to open your Job link in another window/tab using 'target="_blank"'.

Regards,

Srimanth









________________________________
From: John.Bork <John.Bork@target.com<mailto:John.Bork@target.com>>
Sent: Monday, March 23, 2015 2:20 PM
To: user@ambari.apache.org<mailto:user@ambari.apache.org>
Subject: Ambari Views Error

Hi, I am developing a Ambari View in which one component of it is to provide links to jobs
on the Job History Server. When the link is clicked, the iframe that held the view now goes
to the Job History Server and throws the following error in the browser console.

Uncaught SecurityError: Blocked a frame with origin <Ambari View> from accessing a frame
with origin <Job History Server> Protocols, domains, and ports must match. step9_view.js:1
App.MainViewsDetailsView.Em.View.extend.resizeFunction step9_view.js:1
(anonymous function)

The link is inserted into a bootstrap tblflat element row from which it can be clicked.

Also, after the link is clicked and the iframe opens the Job History Server, the iFrame height
attribute is set to auto which causes the height to shrink between 100 and 200 pixels. Is
this the correct action, or should the iframe be prevented from following the link in the
first place? What is the expected behavior?


- John Bork



Mime
View raw message