This is a migrated thread and some comments may be shown as answers.

Access is denied for DocumentManager in Internet Explorer

4 Answers 136 Views
Editor
This is a migrated thread and some comments may be shown as answers.
Graham
Top achievements
Rank 1
Graham asked on 07 Oct 2019, 04:04 PM

Hi There,

It looks like the DocumentManager and ImageManager (part of the RadEditor) are not working at all when using Internet Explorer.

The page says "This content cannot be displayed in a frame" and in the IE Developer Console I see the error "SCRIPT5: Access is denied.  Telerik.Web.UI.WebResource.axd (16532,28)"

I have attached an image showing what I see.

I have done some looking around and it seems like this issue was supposed to have been fixed since ASP.NET 3.5 was released.  We are targeting .NET 4.6.1

Our Telerik DLL version are a bit out of date but we are no longer paying for the product so cannot get the latest versions.  We are currently on version 2014.2.618.45.  

Below is the the simple code I have on a ASP.Net WebForm that we have the editor on.  When I view this editor in IE I get the error described above and shown in the attached screenshot.

Test.aspx

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="test.aspx.cs" Inherits="Test_test" %>
<!DOCTYPE html>
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <telerik:RadScriptManager ID="ScriptManager" runat="server" EnableTheming="True">
    </telerik:RadScriptManager>
        <div>
            <telerik:RadEditor runat="server" ID="RadEditor1" >
            </telerik:RadEditor>
        </div>
    </form>
</body>
</html>

 

Test.aspx.cs

using System;
public partial class Test_test : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
 
    }
}

Thanks in advance.

 

4 Answers, 1 is accepted

Sort by
0
Rumen
Telerik team
answered on 09 Oct 2019, 12:37 PM

Hi Graham,

You can prevent this frame issue by setting the HTTP header "X-Frame-Options" to sameorigin OR allow-from uri of the production web site on live


When the value is set to sameorigin, the page can only be displayed in a frame on the same origin as the page itself. 

When it is set to allow-from <URL of the production site>, the page can only be displayed in a frame on the specified origin.

Both options are suitable and recommended.

To configure IIS to send the X-Frame-Options header, add this to your site's Web.config file:

<system.webServer>
  ...
 
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="sameorigin" />
    </customHeaders>
  </httpProtocol>
 
  ...
</system.webServer>

Only the deny setting can cause troubles. If you set the X-Frame-Options to deny, the page will be not displayed in a frame, regardless of the site attempting to do so. This will affect RadEditor File Browser dialogs, RadWindow when its NavigationUrl is set and also RadTabStrip and RadSplitter, because in this scenarios their contents are loaded in an iframe. The deny option will prevent the content loading in the iframe.

The deny option will prevent RadEditor to load the contents of its iframe based dialogs like the Image Manager, Document Manager and other, you have to configure the control to use the standard browser dialogs by setting editor.set_useClassicDialogs(true); , e.g.

<script type="text/javascript"
function OnClientLoad(editor) 
    editor.set_useClassicDialogs(true); 
</script> 
<telerik:RadEditor ID="RadEditor1" OnClientLoad="OnClientLoad" runat="server"></telerik:RadEditor>

You can find more information at https://www.telerik.com/support/kb/aspnet-ajax/editor/details/using-browser-modal-dialog-instead-of-radwindow.

Best Regards,
Rumen
Progress Telerik

Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
0
Graham
Top achievements
Rank 1
answered on 09 Oct 2019, 08:45 PM

Hi Rumen,

Thank you for the informative reply.

Using the Script to use the standard browser dialogs does work, however this is our the preferred approach.

I have tried using the following three X-Frame-Options header values and all three of them result in the same behaviour. 

X-Frame-Options: sameorigin
X-Frame-Options: allow-from events.eply.com
X-Frame-Options: allow-from https://events.eply.com

I have attached another screenshot showing this.

Thanks again.

 

0
Graham
Top achievements
Rank 1
answered on 09 Oct 2019, 08:46 PM

Hi Rumen,

There was a typo in my previous reply.  I meant to say "however this is not our preferred approach"

0
Rumen
Telerik team
answered on 11 Oct 2019, 01:03 PM

Hi,

If the problem is due to the X-Frame-Options and no one of the available options works for you, the solutions are:

Regards,
Rumen
Progress Telerik

Get quickly onboarded and successful with your Telerik and/or Kendo UI products with the Virtual Classroom free technical training, available to all active customers. Learn More.
Tags
Editor
Asked by
Graham
Top achievements
Rank 1
Answers by
Rumen
Telerik team
Graham
Top achievements
Rank 1
Share this question
or