开发者

JavaScript permission denied. How to allow cross domain scripting between trusted domains?

We have a .net based application hosted with SAP enterprise portal iframes. The domain of the SAP portal is al.xx.companyname.com. The domain of the .Net application server is ss.xx.companyname.com.

Now when I open the application through Enterprise portal, I get a 'Permission denied' JavaScript error. I enabled script debugging in IE and then attached visual studio debugger to the JavaScript error. I noticed the error is thrown from the following JavaScript code to set/ reset dirty flags.

if(top.EPCM!=null)

Understandably the issue is due to cross domain scripting. i.e. the application server of ss.xx.companyname.com is trying to access the browser component of enterprise portal of domain al.xx.companyname.com.

However this cross scripting is a trusted domain scripting and I want to somehow allow this cross scripting. I tried to set the pr开发者_如何学运维imary DNS suffix of the application server. by following the below approach.

  1. Right click on My computer of application server. (Windows 2003 server, by the way)
  2. select properties - Computer Name
  3. Click Change button and in the next window click More button
  4. And under the'Primary DNS suffix of this computer' textbox, I entered the value - al.xx.companyname.com.

Now after the above settings, I assume the domains of both enterprise portal and application server will be taken as al.xx.companyname.com. However I am still getting the JavaScript permission denied error in the same JavaScript code mentioned above.

As suggested in the replies, I also implemented document.domain approach.

var requireddomain = 'al.xx.companyname.com';
var text = document.domain; //returns the domain as ss.xx.companyname.com

if (text != requireddomain) 
        {
            for (i=0; i < 2; i++)
            {
                dotposition = text.indexOf( "." );
                text = text.substr(dotposition +1);
            }
            document.domain = text;
         }

    if(top.EPCM!=null)

With the above code, the document.domain object is set as companyname.com which is common to both Enterprise portal and application server. However still the permission denied issue is thrown in the line >> if(top.EPCM!=null)

This issue is breaking my head for past 3 days. Can someone please help me with this? The objective is to allow cross domain scripting between application server and enterprise portal which is a trusted connection. Thanks.

Update:

Interesting & frustrating development. I have installed ssl certificates in my application server. And still the permission denied error is thrown.

  • Portal domain: al.xx.companyname.com
  • app domain: ss.xx.companyname.com

I was trying to set the document.domain property to 2 sublevels down, i.e to companyname.com.

But still the 'permission denied error' occurs.

I guess, the setting of document.domain will only work if the app domain is a subset of portal domain. i.e.

  • portal domain: al.xx.companyname.com
  • App domain: ss.al.xx.companyname.com.

In the above case, I can just reduce the app domain to one sublevel down (to al.xx.companyname.com). Then I guess, it would work.

However in my case the portal and app servers are 2 branched subdomains of the same companyname.com and hence cross scripting is still not allowed.

Any suggestions on how to proceed?


The Same Origin Policy is probably so strict that it doesn't make exceptions even with trusted sites.

The cross-browser document.domain property should be able to solve this:

There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement:

document.domain = "company.com";

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜