Access denied error when closing RadWindow

10 posts, 0 answers
  1. Hans Gunnar
    Hans Gunnar avatar
    13 posts
    Member since:
    Jan 2009

    Posted 24 Sep 2009 Link to this post

    We have a customer with the website www.customer.com. When a visitor enters the site a RadWindow is opened with a survey. This survey comes from the domain survey.customer.com (both located on the same physical server).

    This works just fine, but when trying to close the RadWindow with anything other than the "x" in the top right a javascript error occurs, saying Access Denied.

    This is from the FireFox error console:
    Error: Permission denied for <http://survey.customer.com> to get property HTMLIFrameElement.radWindow from <http://www.customer.com>. 
    Source File: http://survey.customer.com/content/pages/smallstartpage.aspx?code=123 
    Line: 36 

    I'm calling a javascript-function CloseRadWindow on survey.customer.com to close the RadWindow.

    Here is the javascript used:
    <script type="text/javascript" language="javascript"
            function GetRadWindow() { 
                var oWindow = null
                if (window.radWindow) oWindow = window.radWindow; 
                else if (window.frameElement.radWindow) oWindow = window.frameElement.radWindow; 
                return oWindow; 
            } 
     
            function CloseRadWindow() { 
                var oWindow = GetRadWindow(); 
                if (oWindow != null
                    oWindow.Close(); 
                else 
                    close(); 
            } 
        </script> 

    Is there any solution to this? I have used a similar approach for another customer, but at that time both pages where on the same domain/subdomain - I suspect the issue might be different subdomains here?

    If there are any other easy ways to close the RadWindow from within the RadWindow itself I'm happy to hear about it.

    FYI: No error is displayed when testing on the dev-computer running both projects on localhost.

    Br,
    Hans






  2. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 25 Sep 2009 Link to this post

    Hello Hans,

    This error is expected - it is occurring because of the cross-frame security mechanism implemented in the browser. You will get the same error if you replace the RadWindow with a standard IFRAME and try to modify it or any other object on the main page from within the content one. In your scenario you could try using document.domain to work around this restriction. More information on the subject is available here.


    Sincerely yours,
    Georgi Tunev
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
  3. Hans Gunnar
    Hans Gunnar avatar
    13 posts
    Member since:
    Jan 2009

    Posted 28 Sep 2009 Link to this post

    Ok, that sounds reasonable.

    The "x" button in the titlebar works even if domains are different. Is the javascript for this close-button placed on the parent then?
  4. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 28 Sep 2009 Link to this post


    Yes, the [X] button, being part of the RadWindow, is rendered on the parent page, where the control's JavaScript is.


    Best wishes,
    Georgi Tunev
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
  5. Karl Wilkens
    Karl Wilkens avatar
    206 posts
    Member since:
    Oct 2012

    Posted 17 Jan 2010 Link to this post

    Hi I have this scenario as well and am not at all sure how to reference the radwindow.

    function GetRadWindow()  
        {
            var oWindow = null;  
           
           if (document.domain.radWindow) oWindow = window.radWindow;  
           else if (document.frameElement.radWindow) oWindow = document.domain.frameElement.radWindow;  
           return oWindow;  
        } 

    this does not work. Does anyone have a solution? Thanks.


  6. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 18 Jan 2010 Link to this post

    Hi Karl,

    For the GetRadWindow() code to work, e.g. to be able to get a reference to the RadWindow wrapper on the parent page, both content and parent page should be using https.


    Regards,
    Georgi Tunev
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Watch a video on how to optimize your support resource searches and check out more tips on the blogs.
  7. Scott Semyan
    Scott Semyan avatar
    2 posts
    Member since:
    Feb 2010

    Posted 18 Feb 2010 Link to this post

    Is there any way to specify HTTPS using the window manager? We are using radopen to open the page like so:

    radopen('mypage.aspx')

    Ideally there would be some setting to specify opening the page in HTTPS (it seems to be opening in HTTP). Otherwise we will be forced to do:

    radopen('https://www.mysite.com/mypage.aspx')

    Edit: to clarify, the parent page is HTTPS and the radopen call is opening the iframe as HTTP
  8. Georgi Tunev
    Admin
    Georgi Tunev avatar
    7207 posts

    Posted 19 Feb 2010 Link to this post

    Hi Scott,

    RadWindow is basically an IFRAME and it behaves like one - you will get the same behavior when you use IFRAME instead of our control. There is no way you could force the manager to open pages in https so I would suggest to use the full Url in the radopen() function.

    All the best,
    Georgi Tunev
    the Telerik team

    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items.
  9. Scott Semyan
    Scott Semyan avatar
    2 posts
    Member since:
    Feb 2010

    Posted 19 Feb 2010 Link to this post

    Thanks for the reply. I was actually able to fix this by adding the page in the radOpen call to the list of ignoredHandlers in the web.config. Like so:

    Calling page:
    <button onclick="radopen('mypage.aspx');" />

    web.config:

    <secureWebPages mode="On" ignoreHandlers="WithStandardExtensions" secureConnectionIndicator="HTTPHeader" httpHeaderName="ConnectionEncrypted">
    <files>
     <add path="mypage.aspx" />
    </files>
    </secureWebPages>

  10. wnl
    wnl avatar
    106 posts
    Member since:
    Aug 2007

    Posted 10 Nov 2011 Link to this post

    Could you paste all sections from web.config that correspond with this setting?
Back to Top