Cross Origin - window popup (window.opener is null) - javascript

What i wanted to do:
From parent window on user click open new window source is Third Party URL (different domain)
User Authenticate in Popup and then Third party submit success data on Redirect page. (Like Twitter)
From Child Window (PopUpWindow) i have to send data back to Parent window.
what i did
var windowReference= window.open('https://ThirdPartyURL', 'CrossDomain', 'width=840,scrollbars=yes,top=0');
window.parentMethod= function (input) {alert(input)}
window gets open in new window User gets authenticate and get returned data on Redirect Page
on Redirect page (child window)
window.opener.parentMethod(response);
in Firefox its working but in IE
window.opener null . Reason is cross domain . if Third party URL is in current domain then it works fine but if its cross domain windowReference gets null
to get it working i have to change Internet Settings->Security->Check Enabled
its almost impossible to do at every client machine.
i have tried to used Postmessage but it has support for IE10 and in IE8 and 9 it has support for Iframe where as in my case Third party has disabled IFRAME embedding.
can some one help me how to over come this issue . any help will be appreciated

Short answer: you can't. The cross origin policy has as a reason exactly not allowing you to do what you want (the so another site won't run js on yours and the other way around).
To get around that you need to find another way to send data (usually server side -> curl requests).

Related

Why is same-origin-policy blocking this javascript call on a local domain?

I've got a local dev site running on http://mysite.local/
(it's a Django admin site with Grappelli installed, if that's any relevance).
The admin site opens a popup window for some operations (i.e. via showRelatedObjectLookupPopup())
Due to previous similar issues with same-origin-policy (in production, the admin site loads some URLs from a CDN domain, which can trigger it) we have a "normaliser" JS function that explicitly sets:
document.domain = "mysite.local";
Both in the parent and in the popup, on page load.
The popup contains a link with an onclick handler that triggers a JS function in the parent:
onclick="opener.dismissRelatedLookupPopup(window, '422'); return false;"
Clicking this link in Chrome or FF results in a similar browser error:
Permission denied to access property "dismissRelatedLookupPopup" on
cross-origin object
or
Blocked a frame with origin "http://mysite.local" from accessing a
cross-origin frame.
Both the popup and the opener URLs share the same protocol, domain and port.
This is only an issue on the local domain. On dev/uat/production sites, (i.e. dev.mysite.com), all of which have their domain set to the superdomain "mysite.com" by the above "normaliser" function, the popup can successfully call the JS function in the parent.
What's stopping it on the local domain? What have I missed?
It seems that switching the local domain, as per the original suggestion from #charlietfl, has indeed fixed the issue. It now runs locally as local.mysite.com instead of mysite.local, and the same-origin error has gone. I'm still unclear on what was triggering the error (was it because the the domain had only two parts as opposed to three? Was it something specific to domains ending in ".local"?) but in the unlikely event that anyone else trips up on this, that's what fixed it for me.

passing message with postMessage() in cross origin manner

I am developing a chrome extension, in which I am working on two windows. The second window has been opened by the first window, through JavaScript. What I want to do is, to get the URL of the window opened by the first window. I have tried some methods, like using cookies, local Storage but I failed because of the cross origin policy. Now I came to know after a tutorial on postMessage() API of JavaScript that it overcomes the policy of cross origin. What I am doing is, I am accessing the URL from my localhost, and trying to get the URL of any other site, or possible I can get a simple message from that, but its not working for me as well. As I am not even getting any error and not even a warning. My goal is to get the URL, after when the child window loads. I will require on load function, so that I can check when the window is loaded right after it send me the message to my current window where it has been opened from.
My Code
var win = window.open('https://javascript.info/','_blank');
win.focus();
win.postMessage('The URL of the window is : ' + document.URL,'http://localhost.com/ext_files/index.php');
window.addEventListener("message", function(event) {
if (event.origin != 'https://javascript.info/') {
// something from an unknown domain, let's ignore it
return;
}
alert(event.data);
});

Open a New tab From iframe javascript event without pop up block

I have a iframe in a page.
After i successfully send data to server within iframe, the server responds with next URL to open , i want to open the next URL in a new tab or in the parent window.
The Problem i am facing is, the browser treats it as a popup and blocks it.
In chrome it is treated as pop up and in safari it doesn't do anything.
The iframe is pointing to iframe (written in REACT)
The parent URL is main page.
Here is the part of the code that s causing error.
this.props.dispatch(actions.init_db(vals, (error,data)=>{
this.setState({loading:false})
if(error){
this.setState({error:error});
}else{
url=data.next_url;
var win=window.open(url);
win.focus();
}
}));
Basically actions.init_db() calls an ajax function that writes the value to the server.
The server than responds with error or data.If no errror, the data contains Next URL and i want to open the URL.
Any Suggestion or alternate to this solution is highly appreciated.
You can't. If you call window.open from code that isn't running in direct response to a user action (such as a click), it's likely to get blocked by the popup blocker of the browser. The solution is to make sure you're running that code in direct response to a user action. So for instance, when you have the URL from the server, show a div on the page with the link in it for the user to open themselves.

Reload parent iframe from child popup

I have one page say display.aspx that is being used in other sites in Iframe. In display.aspx page, I have one button which opens Facebook popup for sharing. After successful share it gives me response in one page in my site say FBResponse.aspx. From FBResponse.aspx,I want to reload the display.aspx page.
I have tried 1) window.opener.history.go(0);
2) window.opener.location.reload(false);
3) opener.location.reload(false);
But none of these working for me.
Moreover, I have made one function in display.aspx page, in that function I have written code to reload the page. I tried to call this function from FBResponse.aspx ,but in Chrome I am getting error The frame requesting access has a protocol of 'https', the frame being accessed has a protocol of 'http'. Protocols must match and in FF I am getting error Permission denied to access property in IFRAME. Actually my site is working on https where as the sites which are using my page display.aspx might be using http protocol.
Any solution?
Thanks,
Priya
Hey Try This one.
<form onsubmit="window.top.location.href = 'http://www.wesite.com/test.html';">
Be attention iframe and top must be on same domain and don't break same origin policy.
Hope it would helps you.
You can't unless both page and iframe have same domain (and in this case you can make protocols to match). Same origin policy can be a biatch.

Javascript cross domain problem

Our website gives a widget to be installed in pages (a piece of Javascript that writes an iframe element and inside it renders things and you see rss, images, and other stuff).
I need, after the user do some stuff, to redirect the page (where the widget is) to another location, but using top.document.location is forbidden since the page and the iframe generated by the widget are in different location, and using window.open is usually blocked by popup blockers.
How can i do it ?
Try:
window.location.href = "url";
Although reading properties from the top window is disallowed, some of them are open to writing - and one of these are location.
Simply do
top.location = "http://foo/bar";
and it will redirect just fine.

Categories