Access is denied for DocumentManager in Internet Explorer

5 posts, 0 answers
  1. Graham
    Graham avatar
    5 posts
    Member since:
    Mar 2019

    Posted 07 Oct 2019 Link to this post

    Hi There,

    It looks like the DocumentManager and ImageManager (part of the RadEditor) are not working at all when using Internet Explorer.

    The page says "This content cannot be displayed in a frame" and in the IE Developer Console I see the error "SCRIPT5: Access is denied.  Telerik.Web.UI.WebResource.axd (16532,28)"

    I have attached an image showing what I see.

    I have done some looking around and it seems like this issue was supposed to have been fixed since ASP.NET 3.5 was released.  We are targeting .NET 4.6.1

    Our Telerik DLL version are a bit out of date but we are no longer paying for the product so cannot get the latest versions.  We are currently on version 2014.2.618.45.  

    Below is the the simple code I have on a ASP.Net WebForm that we have the editor on.  When I view this editor in IE I get the error described above and shown in the attached screenshot.

    Test.aspx

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="test.aspx.cs" Inherits="Test_test" %>
    <!DOCTYPE html>
    <head runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        <telerik:RadScriptManager ID="ScriptManager" runat="server" EnableTheming="True">
        </telerik:RadScriptManager>
            <div>
                <telerik:RadEditor runat="server" ID="RadEditor1" >
                </telerik:RadEditor>
            </div>
        </form>
    </body>
    </html>

     

    Test.aspx.cs

    using System;
    public partial class Test_test : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
     
        }
    }

    Thanks in advance.

     

  2. Rumen
    Admin
    Rumen avatar
    14220 posts

    Posted 09 Oct 2019 Link to this post

    Hi Graham,

    You can prevent this frame issue by setting the HTTP header "X-Frame-Options" to sameorigin OR allow-from uri of the production web site on live


    When the value is set to sameorigin, the page can only be displayed in a frame on the same origin as the page itself. 

    When it is set to allow-from <URL of the production site>, the page can only be displayed in a frame on the specified origin.

    Both options are suitable and recommended.

    To configure IIS to send the X-Frame-Options header, add this to your site's Web.config file:

    <system.webServer>
      ...
     
      <httpProtocol>
        <customHeaders>
          <add name="X-Frame-Options" value="sameorigin" />
        </customHeaders>
      </httpProtocol>
     
      ...
    </system.webServer>

    Only the deny setting can cause troubles. If you set the X-Frame-Options to deny, the page will be not displayed in a frame, regardless of the site attempting to do so. This will affect RadEditor File Browser dialogs, RadWindow when its NavigationUrl is set and also RadTabStrip and RadSplitter, because in this scenarios their contents are loaded in an iframe. The deny option will prevent the content loading in the iframe.

    The deny option will prevent RadEditor to load the contents of its iframe based dialogs like the Image Manager, Document Manager and other, you have to configure the control to use the standard browser dialogs by setting editor.set_useClassicDialogs(true); , e.g.

    <script type="text/javascript"
    function OnClientLoad(editor) 
        editor.set_useClassicDialogs(true); 
    </script> 
    <telerik:RadEditor ID="RadEditor1" OnClientLoad="OnClientLoad" runat="server"></telerik:RadEditor>

    You can find more information at https://www.telerik.com/support/kb/aspnet-ajax/editor/details/using-browser-modal-dialog-instead-of-radwindow.

    Best Regards,
    Rumen
    Progress Telerik

    Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
  3. Graham
    Graham avatar
    5 posts
    Member since:
    Mar 2019

    Posted 09 Oct 2019 Link to this post

    Hi Rumen,

    Thank you for the informative reply.

    Using the Script to use the standard browser dialogs does work, however this is our the preferred approach.

    I have tried using the following three X-Frame-Options header values and all three of them result in the same behaviour. 

    X-Frame-Options: sameorigin
    X-Frame-Options: allow-from events.eply.com
    X-Frame-Options: allow-from https://events.eply.com

    I have attached another screenshot showing this.

    Thanks again.

     

  4. Graham
    Graham avatar
    5 posts
    Member since:
    Mar 2019

    Posted 09 Oct 2019 in reply to Graham Link to this post

    Hi Rumen,

    There was a typo in my previous reply.  I meant to say "however this is not our preferred approach"

  5. Rumen
    Admin
    Rumen avatar
    14220 posts

    Posted 11 Oct 2019 Link to this post

    Hi,

    If the problem is due to the X-Frame-Options and no one of the available options works for you, the solutions are:

    Regards,
    Rumen
    Progress Telerik

    Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
Back to Top