Cross domain access permission denied in iframe - javascript

I am trying to embed OWA (Microsoft Exchange Server 2010) in a web page within an iframe but I get a JavaScript error on the OWA page saying Access Denied and then none of the controls within the OWA window work.
I have to use OWA in web page, I read in the form that cross domain does not work properly. Error comes as:
Client Information
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 GTB7.1 (.NET CLR 3.5.30729)
CPU Class: undefined
Platform: Win32
System Language: undefined
User Language: en-US
CookieEnabled: true
Exception Details
Date: Wed Oct 27 2010 10:17:05 GMT+0530 (India Standard Time)
Message: Permission denied for <http://domain_2> to get property HTMLIFrameElement.ownerDocument from <domain_1>.
Url: http://domain_2/owa/testuser#exch2k10.com/14.0.639.21/scripts/premium/uglobal.js
Line: 1
Call Stack
undefinedError()#:0 window$onerror("Permission denied for <http://domain_2> to get property HTMLIFrameElement.ownerDocument from <domain_1>.","http://domain_2/owa/testuser#exch2k10.com/14.0.639.21/scripts/premium/uglobal.js",1)#http://domain_2/owa/testuser#exch2k10.com/14.0.639.21/scripts/premium/uglobal.js:1 (domain_1>.","http://domain_2/owa/testuser#exch2k10.com/14.0.639.21/scripts/premium/uglobal.js",1%29#http://domain_2/owa/testuser#exch2k10.com/14.0.639.21/scripts/premium/uglobal.js:1) function Array$get_Length() { return this.length; } function Array$get_Item(index) { return this[index]; } function Array$get_Enumerator() { return new (Owa.Collections.ListEnumerator)(this); } function Array$remove(oItem) { var index = this.indexOf(oItem); if (index > -1) { this.splice(index, 1); } return index > -1; } function Array$removeAt(iIndex) { if (iIndex < this.length) { this.splice(iIndex, 1); return true; } return false; } function Array$add(oItem) { this.push(oItem); } function Array$clone() {
What I saw is that the error comes when uglobal.js which comes with the Exchange in the iframe trying to access property of parent.
Message: Permission denied for <http://domain_2> to get property HTMLIFrameElement.ownerDocument from <domain_1>.
Is there any other way by which I can use OWA in my page?

That's the cross domain policy restricting you. It's designed to prevent cross site scripting (XSS) attacks.
Basically, only pages from the same domain, protocol and port can alter each other's content.

I faced similar issues when trying to make cross domain calls. For IE8 you can use the following approach
var xdr = new XDomainRequest();
xdr.open("get", "http://domain2");
xdr.onload = function(){
//your code
};
xdr.send();
Additionally in IE only for testing purposes there is an option to add the specific address (domain1 in your case) to the trusted list Tools>Security>Trusted Sites>Sites and allow it to make cross domain requests by going to custom level and selecting Access data sources across domains. Please ensure the second is used only for testing.

If no JSONP solution exists, build a server side proxy.

Related

Websocket creation in js fails for naked domain name

I have a web-socket that is started from javascript, that is connecting to a domain (e.g my-domain):
let socket = new WebSocket("ws://www.my-domain.com/ws");
If I go in the browser and type www.my-domain.com all works fine. However, for short domain name (i.e. without www) (http://my-domain.com) the opening of the websocket fails.
I have tested on Firefox:
Firefox can’t establish a connection to the server at ws://www.my-domain.com/ws.
EDIT: The server is done in GO:
http.HandleFunc("/ws", wsHandler)
http.HandleFunc("/", rootHandler)
panic(http.ListenAndServe(":80", nil))
func (this *server) wsHandler(w http.ResponseWriter, r *http.Request) {
if r.Header.Get("Origin") != "http://"+r.Host {
http.Error(w, "Origin not allowed", 403)
return
}
...

Error connecting to TM-U220

I have downloaded 2 javascript SDK for Epson printer that supports TM-U220, and both of them won't connect to my printer and won't print. But when I tried to use other SDK such as QZ Tray, it worked, but the QZ Tray must be turned on, I want this to work in android, so I use the javascript SDK from Epson.
The problem is when I use the printer sample that Epson provided in the javascript SDK and input the ip: 192.168.1.98, port: 9100, and device id: local_printer, I got this error :
connected to ePOS Device Service Interface is failed. [ERROR_TIMEOUT]
.
But the printer did a small printing, letter that I can't read, and at the very end of the print : 2http/1.1. And in the console :
OPTIONS https://192.168.1.98/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000 net::ERR_CONNECTION_REFUSED
and
OPTIONS https://192.168.1.98/cgi-bin/eposDisp/service.cgi?devid=local_display&timeout=10000 net::ERR_CONNECTION_REFUSED
I've also created my own simple code.
This is my first code using epos-2.3.0.js :
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Print Test</title>
<script type="text/javascript" src="epos-2.3.0.js"></script>
<script type="text/javascript">
// Retrieving Printer objects (printer selection)
var printer = null;
// Retrieving Printer objects (printer selection)
// Creating ePOSDevice objects (device connection and communication)
var ePosDev = new epson.ePOSDevice();
function connect() {
var ipAddress = '192.168.1.98'; var port = '9100';
ePosDev.connect(ipAddress, port, callback_connect);
}
// Creating ePOSDevice objects (device connection and communication)
// Retrieving Printer objects (printer selection)
function callback_connect(resultConnect) {
var deviceId = 'local_printer';
var options = {'crypto' : false, 'buffer' : false};
if ((resultConnect == 'OK') || (resultConnect == 'SSL_CONNECT_OK')) {
// Retrieves the printer object
alert("Success callback connect");
ePostDev.createDevice(deviceId, ePosDev.DEVICE_TYPE_PRINTER, options, callback_createDevice);
}
else {
// Displays error messages
alert("Error callback connect");
}
}
function callback_createDevice(deviceObj, errorCode) {
if (deviceObj === null) {
// Displays an error message if the system fails to retreive the printer object
return;
}
printer = deviceObj;
// Registers the print complete event
printer.onreceive = function(response) {
if (response.success) {
// Displays the successful print message
alert("Callback create device response success");
}
else {
// Displays error messages
alert("Callback create device response failed");
}
}
}
// Retrieving Printer objects (printer selection)
// Creating print data (data buffering)
function createData() {
printer.addTextAlign(printer.ALIGN_CENTER);
printer.addText('Hello World\n');
}
// Creating print data (data buffering)
// Sending print data (printing and disconnection)
function send() {
if (ePosDev.isConnected) {
printer.send();
}
}
// Sending print data (printing and disconnection)
</script>
</head>
<body>
<input type="button" onclick="connect()" value="Connect" />
<input type="button" onClick="send()" value="Print Hello World" />
</body>
</html>
And this one I'm using epos-print-3.2.0.js :
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Print Test 2</title>
<script type="text/javascript" src="epos-print-3.2.0.js"></script>
<script type="text/javascript">
function buildMessage() {
// Create a print document
var builder = new epson.ePOSBuilder();
builder.addTextLang('en');
builder.addTextSmooth(true);
builder.addTextFont(builder.FONT_A);
builder.addTextSize(3, 3);
builder.addText('Hello,\tWorld!\n');
builder.addCut(builder.CUT_FEED);
var request = builder.toString();
var address = 'http://192.168.1.98/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000';
// Create an ePOS-Print object
var epos = new epson.ePOSPrint(address);
//Send the print document
epos.send(request);
}
</script>
</head>
<body>
<button onclick="buildMessage()">Run</button>
</body>
</html>
When I run the second code, I got this error in my console :
OPTIONS http://192.168.1.98/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000
and
XMLHttpRequest cannot load http://192.168.1.98/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000. Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'null' is therefore not allowed access. The response
had HTTP status code 405.
But When I change the address from
http://192.168.1.98/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000
to
http://192.168.1.98:9100/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000
it printed me this :
OPTIONS /cgi-bin/epos/service.cgi?devid=local-printer&timeout=10000
HTTP/1.1 Host: 192.168.1.98:9100 Connection: keep-alive Access-Control-Request-Method: POST Origin: null
User-Agent: Mizilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Access-Control-Request-Headers: content-type, if-modified-since,
soapaction Accept: */* Accept-Encoding: gzip,
deflate,sdch Accept=Language: en-US, en;q=0.8
I was getting the same errors for a new TM-T88VI. Then I saw in the ePOS SDK User's Manual that in order to control a TM printer you need to enable the ePOS-Print setting from within the EpsonNet Config on the printer.
Looking at the manual in order to control a TM-U220 directly (without using a TM Intelligent printer) you'll need to have a UB-E04 or UB-R04 network interface installed. It says you can check which interfaces are installed by printing a status sheet.
From the look of it, this is a Cross Origin HTTP Request issue (CORS). This MDN article explains this: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
I am guessing that the IP 92.168.1.98 is the printer IP (which is on the local network). See: http://trendblog.net/ever-wondered-use-192-168-x-x-ip-addresses-home/ and you can access it via port 9100 as described in your post above.
So since your actual web application is residing on a different IP than the printer IP and the way the web work, CORS is required when you are calling to a different IP / host so to prevent cross site scripting attack.
It's common sense that if the printer is exposing itself via port 9100, you should have that as part of your URI. That is the reason why http://192.168.1.98:9100/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000 works and the other one did not.
As for trying to access this via an Android device... the question is does the device is joined to your local network (192.168....) or is it on the Internet? If it is joined to the internet, I don't think you can access the printer which is probably not going to be exposed to the internet (having public IP). As long as they belong to the same network, they should be able to talk. If not, you will need to expose it to the internet (bad idea) or make sure they can see each other (Android connecting to your corporate WIFI and the printer can be reached via the WIFI).
I had the same problem with a TM-T20III. You have to use the utility software from Epson for your printer. In the advanced network settings, there is a menu which call "Filters" and I add the IP address of my POS as accept address.
But When I change the address from
http://192.168.1.98/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000
to
http://192.168.1.98:9100/cgi-bin/epos/service.cgi?devid=local_printer&timeout=10000
it printed me this :
Port 9100 is the raw input port of the printer, it seems to print the whole input request without interpreting it. ePOS Service seems to be available on ports 80 / 443.
I was getting the same errors for a new TM-T88VI. Then I saw in the ePOS SDK User's Manual that in order to control a TM printer you need to enable the ePOS-Print setting from within the EpsonNet Config on the printer.
Enabling the ePOS Print Service was the right solution for me. In order to do this, i had to update the firmware of the printer (TM-T88VI). In factory defaults, there was no option to switch on the ePOS Service.

AngularJS and Web API :- net::ERR_CONNECTION_REFUSED in chrome and error 00002efd in IE

There are lots of question like my question but I didn't any working solution.
I am using AngularJS and WebApi2 in my application.
Here is the JS code which call the initial API.
(function (module) {
var baseUrl= "http://localhost:85";
module.constant('Config', baseUrl);
module.service('identities', ['$http', function ($http) {
var uri = baseUrl+ '/api/controller/GetRole';
var identities = {};
identities.get = function () {
var temp = $http.get(uri);
console.log(temp, "identities");
return temp;
}
return identities;
}]);
This function call the GetRole method in web API controller to retrieve user role.The output of this method is JSON with user details.
I have deployed the application on a server to port 85. When I run the application it's throwing error in Chrome:
net::ERR_CONNECTION_REFUSED
and in IE 11:
XMLHttpRequest: Network Error 0x2efd, Could not complete the operation due to error 00002efd
There is no log created in IIS for this request.
Using fiddler I got this in Raw with status code 502 in response.
The connection to 'localhost' failed.
Error: ConnectionRefused (0x274d).
System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:85.
I have also tried by disabling the CORS in chrome but no luck.
IF I use IP address of server instead of localhost as baseUrl in angular JS code then it's working fine.
Why it's not working with localhost?
I am doing a GET call and Error for me is 00002efd not 00002ef3.

Angularjs Error in loading external jsonfile from server

I am trying to load json file from server .Here is my services.js file
angular.module('starter.services', [])
/**
* A simple example service that returns some data.
*/
.factory('Friends', function($http) {
var friends;
//here is the code for server access
$http.get('http://wwww.root5solutions.com/ionictest/get.json').then(function(msg){
console.log("console output"+msg.data);
friends=msg.data;
console.log("from server"+friends.data);
});
return {
all: function() {
return friends;
},
get: function(friendId) {
return friends[friendId];
}
}
});
But its not worked properly.Here is my console message
XMLHttpRequest cannot load http://www.root5solutions.com/ionictest/get.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.
I have also faced the same problem.I am sure it will resolve your problem,
For Windows... create a Chrome shortcut on your desktop > Right-clic > properties > Shortcut > Edit "target" path : > "C:\Program Files\Google\Chrome\Application\chrome.exe" --args --disable-web-security
NOTE: After setting this exit from chrome and then open
you have to whitelist that URL
try this
.config(function($sceDelegateProvider) {
$sceDelegateProvider.resourceUrlWhitelist([
// Allow same origin resource loads.
'self',
// Allow loading from our other assets domain. Note there is a difference between * and **.
'http://wwww.root5solutions.com/ionictest/**',
]);
})
All this problem beacuse i tested only using browser.When tesing on device/emulator its working perfect.There is no need of additional coding to overcome this problem.

Indesign javascript Socket always performs requests using host: localhost

I'm trying to use a Socket connection to read a file on a remote website. So far, my code:
conn = new Socket;
if( conn.open( 'example.com:80' ) ) {
conn.write( 'GET /indesign-page/ HTTP/1.0' + "\n\n" );
reply = conn.read(999999);
conn.close();
} else {
alert( 'Problem connecting to server' );
}
The socket connects to example.com fine, but the request comes across as this:
GET http://localhost/indesign-page/ HTTP/1.0
when it should be this:
GET http://example.com/indesign-page/ HTTP/1.0
I've tried changing the conn.write parameters to 'GET http://example.com/indesign-page/ ...', but then it comes across as:
GET http://localhosthttp://example.com/indesign-page/ HTTP/1.0
The webserver requires that the host be set correctly to serve correctly.
You need to set the "Host" header.
conn.write( 'GET /indesign-page/ HTTP/1.0' + "Host: example.com\r\n" + "\n\n" );
Because conn.open( 'example.com:80' ) means find example.com's server ip then connect that ip address at 80 port, so the web server does not know that you had resolved example.com before connected to it.
Do you need to use a manual socket object? On Adobe's Community Site there's a mention to this already created FTP Script where you could call a GET or PUT to a file on a FTP server.
Otherwise which OS are you using? If you'll always be on a Mac, you could shell out to an AppleScript command and place the file anywhere you'd like:
var command = 'do shell script "curl http://localhost/indesign-page"';
var response = app.doScript(command, ScriptLanguage.APPLESCRIPT_LANGUAGE);
The nice thing about the AppleScript is that you can execute the command manually using the AppleScript Editor (or Script Editor if you're earlier than 10.6).

Categories

Resources