Issue with window.opener in trusted sites (IE8) - javascript

Here is my issue: I am opening a popup from the main browser window, where the use logs in to a 3rd party site. After logging in, the popup window is being redirected to our site, where I have to send back a message to the original window.
I am using window.opener for sending the message. Everything works fine in IE*/Firefox/etc, but if the 3rd party site is added to the trusted sites in IE, the window.opener won't work anymore.
Why does this happen? How could this be resolved?
Thanks in advance

Related

Window.open() reference blocked in IE11

I'm implementing Twitter OAuth sign in in my web app. I'm doing this in a separate window popup, since I read that IFrame is no longer allowed in OAuth. So, as soon I open a new window on Twitter domain, IE sets twitterWindow reference to null. This is due to IE's aggressive Internet zone security settings, which I can't ask from users to disable.
var twitterWindow = window.open(twitterUrl, "TwitterLoginPopup", "width=600, height=600");
When Twitter redirects window back to my domain (after successful or failed authentication), I can see window again and handle the results. But use-case that troubles me is when user closes the window manually and since I don't have its reference, I can't handle that closure.
I tried to implement postMessage() communication between application and window, but that's also impossible without window reference. Does anybody have any workaround for this or idea for different implementation of the OAuth? Thanks in advance.

IE11 does not send cookies to server after opening a new window from a nested frameset

Summary: A client has a problem when launching a new browser window using IE11, where no cookies are sent to the new window. I am unable to reproduce the problem locally. It will work if they use FireFox or a different LMS.
Detail: The client is running a LMS and imports a SCORM package from us which opens a frameset to our site - note the clients LMS and our content are on different domains.
As part of the content the user clicks on a link and a new window is opened using window.open(url, "_blank"...) or an anchor tag with a _blank target, the url is always on the same domain as the page that launched it.
When the new window is opened no cookies from the previous page are sent.
I can see that additional requests on the previous page maintain the cookies and new cookies set within the new window are sent back and forth.
If the client uses FireFox to launch the LMS or if the client launches the content from ScormCloud within IE the problem does not occur and the new window launches with all cookies intact.
I have attempted to replicate their environment locally (same OS, IE and configuration settings) but I am unable to reproduce the problem, or work out how to work around the problem.
Any ideas on what the problem may be, how to reproduce it or even work around it?

Opening Up Facebook app outside Facebook

I have a web app which I am loading in Facebook iframes. The thing is my app opens File Picker which sends backs the data form where it was loaded. But if my web app is inside an iframe it doesn't allow File picker to communicate back due to security reasons.
So what I am doing it when the users on my FB page click on my app I take them out of the facebook and open my web app in browser. This thing works perfectly in Android or on my Windows. But in Iphone it doesn't takes the app outside and doesn't open it in the browser.
Do you know why? Is there a solution for it?
Seems the problem is a security feature of the browser's popup blocker.
It treats the window as a popup if it occurs outside of the callback of a user interaction.
It therefore gets buckets as a popup and blocked.
Unfortunately, iOS Safari gives absolutely no indication of this, making the issue difficult to track down.

Why IE8 blocking a pop-up window which appears in IE7?

I am working on a client server application,in which we open client on our pc by URL:http:\[ip of server]:[port no].
My application start by using the URL mentioned in IE, and one pop-up comes in which we perform every action of the apllication and original window we can close as they are only for starting. One of my customer is using IE8 and he is facing a problem in which after clicking on save to bookmark the pop-up is not coming and hence not able to save. In IE7 pop-up as an another window is coming and giving the option to save.
What is blocking the pop-up? Thanks in Advance...
For popups the same goes as for spam email - as the popup developers get smarter, so do the popup blocker developers. As such it makes sense that newer browser versions are stricter in the rules they evaluate to determine when a popup needs to be blocked.
All modern browsers follow the same rules, that all boil down to "popups are only allowed if the user directly initiated them". This means that they guard execution paths, and every call to window.open is caught by the popup blocker unless it can be directly traced to a user action. And as popup developers invented more inventive ways to make a browser think the user initiated it, popup blockers got more inventive in detecting them.
A quite plausible explanation is also that you are developing on a LAN, where IE applies lower security settings by default, allowing more user popups automatically. We cannot see that from your post though.

Bookmarklet Opens Empty Window

Ok so I have a basic bookmarklet that opens remote websites. However when I try to open my local dev site it just opens to a blank page. I am assuming this has something to do with security etc.
I set the bookmarklet to open one of my remote sites, gnull.com - This worked fine. I then set gnull.com to resolve to 127.0.0.1 and changed my bindings in IIS. The result this time is that a new window opens however it is blank. When I look at the headers being sent only one is created with a result of 'error' and a type of 'NS_ERROR_ABORT'.
I am using Firefox 4 on Windows 7. Does anyone know how to setup bookmarklets for testing local sites? The code itself works fine since I have tested this with other live websites so this appears to be a browser security feature.
So as I mentioned in the comment, I found the issue was with ABE - a component of the noscript extension. ABE blocks scripts from accessing local resources, in my case a local website. I disabled ABE in the noscript options and everything works fine.

Categories