Telerik Forums / UI for ASP.NET AJAX
This is a migrated thread and some comments may be shown as answers.

HTTP on Parent + HTTPS on Window = GetRadWindow fails with Permission denied error.

3 Answers 77 Views
Window
This is a migrated thread and some comments may be shown as answers.
Kevin Warnke
Top achievements
Rank 1
Kevin Warnke asked on 03 Mar 2011, 06:25 AM
When the parent doucment is served by HTTP and the RadWindow is accessing a resource over HTTP, the GetRadWindow() function below works fine.

When the parent doucment is served by HTTPS and the RadWindow is accessing a resource over HTTPS, the GetRadWindow() function below works fine.

When the parent doucment is served by HTTP and the RadWindow is accessing a resource over HTTPS, the GetRadWindow() function below fails when called within the window (to close itself) with Permission denied.  All the JS needed is served to the window over HTTPS.  All I'm trying to do is close the RadWindow.

Does anyone know of a work around that would allow an HTTPS window that was opened from an HTTP parent close itself?

function GetRadWindow()  
{
    var oWindow = null;  
    if (window.radWindow)
        oWindow = window.radWindow; //Will work in Moz in all cases, including clasic dialog  
    else if (window.frameElement.radWindow)
        oWindow = window.frameElement.radWindow;//IE (and Moz az well)  
    return oWindow;  
}

Thanks,
Kevin

3 Answers, 1 is accepted

Sort by
0
Svetlina Anati
Telerik team
answered on 03 Mar 2011, 12:24 PM
Hi Kevin,

 
This problem  is not directly related to the RadWindow but to security mechanisms and how the browsers work. Your main page is under http while the page loaded in the RadWindow is under https and the different protocols are treated as if they were different domains. This is called cross domain scripting and  it is a security feature in browsers so there isn't a way to disable it. This being said you cannot manipulate the RadWindow's content page if you do not have both the pages in the same domain and under the same protocol. More information can be found in the net, e.g the following search:

http://www.google.bg/search?hl=bg&source=hp&q=http+https+javascript+permission+denied+iframe&meta=&aq=f&oq=&rlz=1W1WZPA_en


Kind regards,
Svetlina
the Telerik team
Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
0
Kevin Warnke
Top achievements
Rank 1
answered on 03 Mar 2011, 03:18 PM
I'm aware of cross site scripting, etc....

But if I want to close the window (HTTPS) from within the window itself (HTTPS), shouldn't there be a way to do that?

I'm not trying to close the window from the parent, and I'm not trying to access the parent from the window.

Thanks,
Kevin
0
Svetlina Anati
Telerik team
answered on 03 Mar 2011, 04:28 PM
Hi Kevin,

The RadWindow is actually an IFRAME which is on the main page and it is not another window object - as a result you have one main page and an IFRAME with another page loaded in it. When you close the RadWindow you hide the IFRAME and this IFRAME always resides on the same main page - thus even if you close it from inside the content page, "closing" it means that you manipulate the IFRAME which is on the main page. This is how the things work and you can test with a standard IFRAME as well -  the result will be the same.

This cannot be workarounded and even if this was possible, it would lead to very big risk of hacker attacks.

Best wishes,
Svetlina
the Telerik team
Registration for Q1 2011 What’s New Webinar Week is now open. Mark your calendar for the week starting March 21st and book your seat for a walk through all the exciting stuff we ship with the new release!
Tags
Window
Asked by
Kevin Warnke
Top achievements
Rank 1
Answers by
Svetlina Anati
Telerik team
Kevin Warnke
Top achievements
Rank 1
Share this question
or