httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd]Cross frame scripting fails with apache...
Date Tue, 12 Nov 2002 09:39:13 GMT
You might try checking the setting of "ServerName" and
"UseCanonicalName" and also read up on what these directives do. My
shot-in-the-dark is that the self-referential URLs that apache creates
may be wrong... Also, I could be a mile out..

>-----Original Message-----
>From: Tristan Fairbairn [mailto:Tristan.Fairbairn@torex.com]
>Sent: Dienstag, 12. November 2002 10:22
>To: users@httpd.apache.org
>Subject: [users@httpd]Cross frame scripting fails with apache...
>
>
>Hi guys,
>
>I have a problem and I *think* it is OS / browser / web server 
>related.  We are running apache 1.3.27 on AIX 4.3.2
>
>I have created two very simple html files.  test.html contains 
>a frame which has src="test2.html".  test.html tried to access 
>an element of test2.html via the frame.  The code (below) 
>works correctly when the files are stored on my local disk.  
>However, when I place them on the apache web server, I get an 
>error "Access Denied" from the browser (IE6 Win2000).  I do 
>*not* get this error from ie5.5 sp2 on winnt even when the 
>pages come from the apache server.  The oddest part is that if 
>I "refresh" the page after the error, it works! (and so do all 
>subsequent refreshes until I close and restart the browser).  
>I have done some testing and this is not a timing issue, the 
>document in the frame IS loaded before the cross frame access 
>is attempted.
>
>Our server runs on a machine without a DNS name, and so the 
>apache server runs with "ServerName localhost".  Is it 
>possible that the browser is not being correctly convinced 
>that the two documents come from the same host (and hence 
>falling foul of the browsers cross frame security policy)?  I 
>have also tried setting the ServerName to be the loop back IP 
>as well as the servers real static IP, but with no success.
>
>Thanks for your time.
>
>Tristan
>
>test.html
>=========
><head>
><script>
>function doIt() {
>  alert(frames["test"].document.body.id);
>}
></script>
></head>
><frameset onload="doIt();">
><frame id="test" name="test" src="test2.html"></frame>
></frameset>
></html>
>
>test2.html
>==========
><html>
><body id="qwerty">
>hello!
></body>
></html>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender’s company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender’s company. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message