Access denied not a cross-host issue

Discussion in 'Javascript' started by George Hester, Nov 18, 2004.

  1. Please take a look at this google artcle:

    http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9

    The op was having trouble with access denied using resizeTo. I am having the same issue
    but the explanations in this article don't seem to apply here. I am not trying to
    resize a window with content from a different server. This issue lies here.

    What I do is make a popup window in a manner that I was given here. I like it
    better then what I had. Here it is:

    <script language="javascript" type="text/javascript">
    <!-- Begin
    // Set the url of the banner popup window page
    var theURL = '<%="/redir/default1.asp?pg=" & Server.URLEncode(strsnd1) & "&splt=" & splt1%>';

    // Set the title of the popup window
    var title = 'Warning';

    // Set the size of the popup window
    var windowWidth = 715; // cannot be less than 100
    var windowHeight = 360; // cannot be less than 100

    // Set the position of the popup window
    var windowX = 35;
    var windowY = 200;

    // Set true to auto-center (positions will be ignored)
    var autocenter = true;

    // Set true for popup to close when launch page does
    var autoclose = true;

    var s = 'width='+windowWidth+',height='+windowHeight;
    var beIE = ua.ie;
    var done = new Object('no');

    if (autocenter){
    windowX = (window.screen.width-windowWidth)/2;
    windowY = ((window.screen.height-windowHeight)/2)+50;
    }

    function doAgilePopup(){
    if (beIE){
    var frameString = [
    '<html>',
    '<head>',
    '<title>'+title+'</title>',
    '</head>',
    '<frameset rows="*,0" framespacing="0" border="0" frameborder="0">',
    '<frame name="top" src="'+theURL+'" scrolling="no" />',
    '<frame name="bottom" src="about:blank" scrolling="no" />',
    '</frameset>',
    '</html>'
    ].join('\n');
    window.newWindowHtml = frameString;
    agilePopper = window.open('javascript:eek:pener.newWindowHtml','popAgile','fullscreen=yes,'+s);
    agilePopper.blur();
    window.focus();
    try{
    if (typeof(agilePopper) == 'object'){
    agilePopper.resizeTo(windowWidth,windowHeight);
    agilePopper.moveTo(windowX,windowY);
    }
    }
    catch(e){ alert('Cant\'t move window'); }
    }
    else{
    agilePopper=window.open(theURL,'popAgile','scrollbars=no,'+s);
    agilePopper.blur();
    window.focus();
    agilePopper.resizeTo(windowWidth,windowHeight);
    agilePopper.moveTo(windowX,windowY);
    }
    agilePopper.focus();
    if (autoclose)
    window.onunload = function(){ agilePopper.close(); }
    done = 'okay';
    }
    // End -->
    </script>

    You can see I try catch where the issue occurs. I know that it is accessed denied because that is what
    the javascript exception says. Any way this does NOT occur all the time. If I access this page directly
    then I get this error message. But if I access this page from links on my server I do NOT. Is that the
    issue? The other host that I am accessing is called (none) and that is enough to throw this access
    denied error? The trouble is the page appears fine and everthing works except the resizing and
    moveto. And then they work when the page has a Referrer from my site. Thanks for any further
    light on this issue and any suggestions how to work around this (besedes chucking it) would be greatly
    appreciated.

    --
    George Hester
    _________________________________
     
    George Hester, Nov 18, 2004
    #1
    1. Advertising

  2. George Hester

    RobG Guest

    George Hester wrote:
    > Please take a look at this google artcle:
    >
    > http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    >

    [...]

    The issue seems to belong very much to IE rather than to JavaScript,
    perhaps you'll get more information from an IE-centric group?

    The general consensus seems to be don't use popups at all, much less
    try to move and re-size them. Loading scripts from the local machine
    also seems to cause problems in IE, but I'm no IE guru and not aware of
    all the issues it has.

    Cheers, Rob.
     
    RobG, Nov 18, 2004
    #2
    1. Advertising

  3. "George Hester" <> wrote:

    >Please take a look at this google artcle:
    >
    >http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    >
    >The op was having trouble with access denied using resizeTo. I am having the same issue
    >but the explanations in this article don't seem to apply here. I am not trying to
    >resize a window with content from a different server. This issue lies here.
    >
    >What I do is make a popup window in a manner that I was given here. I like it
    >better then what I had. Here it is:

    <snip />

    Seems like if you opened the window with the size and position you
    wanted you wouldn't have to worry about resizeTo and moveTo not
    working.
    http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp

    Regards,
    Steve
     
    Steve van Dongen, Nov 18, 2004
    #3
  4. "Steve van Dongen" wrote in message news:...
    > "George Hester" <> wrote:
    >
    > >Please take a look at this google artcle:
    > >
    > >http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    > >
    > >The op was having trouble with access denied using resizeTo. I am having the same issue
    > >but the explanations in this article don't seem to apply here. I am not trying to
    > >resize a window with content from a different server. This issue lies here.
    > >
    > >What I do is make a popup window in a manner that I was given here. I like it
    > >better then what I had. Here it is:

    > <snip />
    >
    > Seems like if you opened the window with the size and position you
    > wanted you wouldn't have to worry about resizeTo and moveTo not
    > working.
    > http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp
    >
    > Regards,
    > Steve


    Yes I tried that Steve. But guess what? It doesn't work right. If I set the open statement like this:

    //
    var s = 'width='+windowWidth+',height='+windowHeight+',left='+windowX+',top='+windowY;
    //
    agilePopper = window.open('javascript:eek:pener.newWindowHtml','popAgile','fullscreen=yes,'+s);
    //

    then the agilePopper opens fullscreen. Just as the statement says it should. The dimension and
    placement is ignored.

    There is one other thing you may find interesting. The way this works is when a page (ASP) is
    accessed and if a session variable has not been previously set then this page is accessed to cause this
    popup to appear. At this point the link is in this form:

    http://www.mydomain.com/more5/more5.asp

    This popup will be a relatively small window with its parent as the background to it. You can also
    move the child around you jast cannot close it. The parent can be closed but this obviously destroys
    the child so in any case the options avaiable in the child MUST be chosen to proceed or the user ends
    up nowhere.

    Now this link above CAN be accessed directly and there is no issue. The popup behaves admirably.
    But if the client tried to access the page directly like this:

    http://www.mydomauin.com/more5/more5.asp?id=mc18045.jpg&plt=more5&sze=112 KB&wh=640 x 469&rdr=cube

    then I get the "access denied." The user wouldn't even know anything untoward happened if they had
    debugging disabled because the popup opens full screen causing the parent to be behind it and so
    hidden which is where the error message appears. The alert box you see I make is also unnoticeable.

    So I think it has something to do with accessing a file namely the image "mc18045.jpg" or the encoding
    that is set into the javascript statements. If I am unclear about something let me know and I can
    try to explain the issue better. And any further suggestions will always be taken with the best
    of consideration.

    George Hester
    _________________________________
     
    George Hester, Nov 18, 2004
    #4
  5. "RobG" <> wrote in message news:419c5ab5$0$25762$...
    > George Hester wrote:
    > > Please take a look at this google artcle:
    > >
    > > http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    > >

    > [...]
    >
    > The issue seems to belong very much to IE rather than to JavaScript,
    > perhaps you'll get more information from an IE-centric group?
    >
    > The general consensus seems to be don't use popups at all, much less
    > try to move and re-size them. Loading scripts from the local machine
    > also seems to cause problems in IE, but I'm no IE guru and not aware of
    > all the issues it has.
    >
    > Cheers, Rob.


    Every browser has their own idiosynchrosies with JavaScript. That is the nature of the beast. I don't
    think posting my question here was wrong the answer may just not be known.

    Thanks.

    George Hester
    _________________________________
     
    George Hester, Nov 18, 2004
    #5
  6. "George Hester" <> wrote:

    >"Steve van Dongen" wrote in message news:...
    >> "George Hester" <> wrote:
    >>
    >> >Please take a look at this google artcle:
    >> >
    >> >http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    >> >
    >> >The op was having trouble with access denied using resizeTo. I am having the same issue
    >> >but the explanations in this article don't seem to apply here. I am not trying to
    >> >resize a window with content from a different server. This issue lies here.
    >> >
    >> >What I do is make a popup window in a manner that I was given here. I like it
    >> >better then what I had. Here it is:

    >> <snip />
    >>
    >> Seems like if you opened the window with the size and position you
    >> wanted you wouldn't have to worry about resizeTo and moveTo not
    >> working.
    >> http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp
    >>
    >> Regards,
    >> Steve

    >
    >Yes I tried that Steve. But guess what? It doesn't work right. If I set the open statement like this:
    >
    >//
    >var s = 'width='+windowWidth+',height='+windowHeight+',left='+windowX+',top='+windowY;
    >//
    >agilePopper = window.open('javascript:eek:pener.newWindowHtml','popAgile','fullscreen=yes,'+s);
    >//
    >
    >then the agilePopper opens fullscreen. Just as the statement says it should. The dimension and
    >placement is ignored.


    That's weird.

    I didn't notice the fullscreen option in your window.open call before.
    The answer to your original question is taht In IE6 SP1, for security
    reasons, full screen windows cannot be resized by script.

    Regards,
    Steve
     
    Steve van Dongen, Nov 19, 2004
    #6
  7. "Steve van Dongen" <> wrote in message news:...
    > "George Hester" <> wrote:
    >
    > >Please take a look at this google artcle:
    > >
    > >http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    > >
    > >The op was having trouble with access denied using resizeTo. I am having the same issue
    > >but the explanations in this article don't seem to apply here. I am not trying to
    > >resize a window with content from a different server. This issue lies here.
    > >
    > >What I do is make a popup window in a manner that I was given here. I like it
    > >better then what I had. Here it is:

    > <snip />
    >
    > Seems like if you opened the window with the size and position you
    > wanted you wouldn't have to worry about resizeTo and moveTo not
    > working.
    > http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp
    >
    > Regards,
    > Steve


    OK I fugured it out. You see IIS In Windows 2000 when passing a URL always passes the URL
    such that certain characters are changed. It does this to a space changes it to + and it does it to . changes it to %2E. Therefore if you receive the URL in a different page using Request.QueryString('paramater') you will get the URL with those characters changed. It also does it to : but that one isn't necessary here to go into.

    Anyway this is how I was passing the URL and in the receiving ASP I used Server.URLEncode on it. This casued the percentages % to also be encoded to %25. So an image like this.jpg became
    this%252Ejpg. Now this didn't stop the image from being displayed but JavaScript did not like it one
    bit.

    Access denied.

    So I changed the encoding around a little bit to catch what IIS does when passing a URL as a
    parameter.

    George Hester
    _________________________________
     
    George Hester, Nov 19, 2004
    #7
  8. "Steve van Dongen" <> wrote in message news:...
    > "George Hester" <> wrote:
    >
    > >"Steve van Dongen" wrote in message news:...
    > >> "George Hester" <> wrote:
    > >>
    > >> >Please take a look at this google artcle:
    > >> >
    > >> >http://groups.google.com/groups?hl=...5f9382&seekm=411f370d$#link9
    > >> >
    > >> >The op was having trouble with access denied using resizeTo. I am having the same issue
    > >> >but the explanations in this article don't seem to apply here. I am not trying to
    > >> >resize a window with content from a different server. This issue lies here.
    > >> >
    > >> >What I do is make a popup window in a manner that I was given here. I like it
    > >> >better then what I had. Here it is:
    > >> <snip />
    > >>
    > >> Seems like if you opened the window with the size and position you
    > >> wanted you wouldn't have to worry about resizeTo and moveTo not
    > >> working.
    > >> http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp
    > >>
    > >> Regards,
    > >> Steve

    > >
    > >Yes I tried that Steve. But guess what? It doesn't work right. If I set the open statement like this:
    > >
    > >//
    > >var s = 'width='+windowWidth+',height='+windowHeight+',left='+windowX+',top='+windowY;
    > >//
    > >agilePopper = window.open('javascript:eek:pener.newWindowHtml','popAgile','fullscreen=yes,'+s);
    > >//
    > >
    > >then the agilePopper opens fullscreen. Just as the statement says it should. The dimension and
    > >placement is ignored.

    >
    > That's weird.
    >
    > I didn't notice the fullscreen option in your window.open call before.
    > The answer to your original question is taht In IE6 SP1, for security
    > reasons, full screen windows cannot be resized by script.
    >
    > Regards,
    > Steve


    Yes I know. That was OK until Windows XP SP2 now I don't know what is going to happen. I have
    to put together that Op sys and see how it goes. The issue of a forced status bar may present a
    problem. I like this thing because it gives me complete control over that segment of accessing the site.
    And I mean complete control. I don't like people coming by just to have something to complain about.
    So I was asked to guard the site and so I did.

    Anyway I figured out the issue. If you look at what I said was the URL that caused the problem:

    http://www.mydomauin.com/more5/more5.asp?id=mc18045.jpg&plt=more5&sze=112 KB&wh=640 x 469&rdr=cube

    that was actually wrong. That link does work correctly. Had a little sneaky stufff going on where in fact the link was looking like this:

    http://www.mydomauin.com/more5/more5.asp?id=mc18045%2Ejpg&plt=more5&sze=112 KB&wh=640 x 469&rdr=cube

    Accessed Denied.

    The issue is Request.ServerVariables("URL) and Server.URLEncode in the more5.asp page. There is some funky encoding going on. It's the old issue of encoding and then encoding again. In JavaScript it would be called escaping and then escaping again. Which causes the problem. Here was the fix: (in VBScript Server-side)

    <%
    '
    Response.Redirect "/Logon.asp?from=" & Replace(Server.URLEncode(s), "%252E", "%2E")
    '
    %>

    This is not right it's a cobjob but will suffice for now until I can find out how to fix this Micrsooft
    SNAFU.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;301464

    --
    George Hester
    _________________________________
     
    George Hester, Nov 19, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    3,484
    CyberOwl
    Sep 7, 2009
  2. Orpheus66
    Replies:
    0
    Views:
    4,478
    Orpheus66
    Jul 30, 2003
  3. Jay
    Replies:
    2
    Views:
    1,100
  4. Jerry Qu
    Replies:
    1
    Views:
    507
    lee atkinson
    Feb 20, 2009
  5. Cindy Lee
    Replies:
    1
    Views:
    430
    Randy Webb
    May 7, 2004
Loading...

Share This Page