Access denied not a cross-host issue

George Hester

Please take a look at this Google article:

http://groups.google.com/groups?hl=...5f9382&[email protected]#link9

The op was having trouble with access denied using resizeTo. I am having the same issue
but the explanations in this article don't seem to apply here. I am not trying to
resize a window with content from a different server. This issue lies here.

What I do is make a popup window in a manner that I was given here. I like it
better than what I had. Here it is:

<script language="javascript" type="text/javascript">
<!-- Begin
// Set the url of the banner popup window page
var theURL = '<%="/redir/default1.asp?pg=" & Server.URLEncode(strsnd1) & "&splt=" & splt1%>';

// Set the title of the popup window
var title = 'Warning';

// Set the size of the popup window
var windowWidth = 715; // cannot be less than 100
var windowHeight = 360; // cannot be less than 100

// Set the position of the popup window
var windowX = 35;
var windowY = 200;

// Set true to auto-center (positions will be ignored)
var autocenter = true;

// Set true for popup to close when launch page does
var autoclose = true;

var s = 'width='+windowWidth+',height='+windowHeight;
// ua is not defined in this snippet; it is assumed to be a
// browser-detection object set up elsewhere on the page
var beIE = ua.ie;
var done = new Object('no');

if (autocenter){
  windowX = (window.screen.width-windowWidth)/2;
  windowY = ((window.screen.height-windowHeight)/2)+50;
}

function doAgilePopup(){
  if (beIE){
    // IE branch: build a frameset wrapper and open it full screen
    var frameString = [
      '<html>',
      '<head>',
      '<title>'+title+'</title>',
      '</head>',
      '<frameset rows="*,0" framespacing="0" border="0" frameborder="0">',
      '<frame name="top" src="'+theURL+'" scrolling="no" />',
      '<frame name="bottom" src="about:blank" scrolling="no" />',
      '</frameset>',
      '</html>'
    ].join('\n');
    window.newWindowHtml = frameString;
    agilePopper = window.open('javascript:opener.newWindowHtml','popAgile','fullscreen=yes,'+s);
    agilePopper.blur();
    window.focus();
    try{
      // This is where the "access denied" exception is raised
      if (typeof(agilePopper) == 'object'){
        agilePopper.resizeTo(windowWidth,windowHeight);
        agilePopper.moveTo(windowX,windowY);
      }
    }
    catch(e){ alert('Can\'t move window'); }
  }
  else{
    agilePopper=window.open(theURL,'popAgile','scrollbars=no,'+s);
    agilePopper.blur();
    window.focus();
    agilePopper.resizeTo(windowWidth,windowHeight);
    agilePopper.moveTo(windowX,windowY);
  }
  agilePopper.focus();
  if (autoclose)
    window.onunload = function(){ agilePopper.close(); }
  done = 'okay';
}
// End -->
</script>

You can see I try catch where the issue occurs. I know that it is access denied because that is what
the javascript exception says. Anyway this does NOT occur all the time. If I access this page directly
then I get this error message. But if I access this page from links on my server I do NOT. Is that the
issue? The other host that I am accessing is called (none) and that is enough to throw this access
denied error? The trouble is the page appears fine and everything works except the resizing and
moveto. And then they work when the page has a Referrer from my site. Thanks for any further
light on this issue and any suggestions how to work around this (besides chucking it) would be greatly
appreciated.
 
RobG

George said:
[...]

The issue seems to belong very much to IE rather than to JavaScript,
perhaps you'll get more information from an IE-centric group?

The general consensus seems to be don't use popups at all, much less
try to move and re-size them. Loading scripts from the local machine
also seems to cause problems in IE, but I'm no IE guru and not aware of
all the issues it has.

Cheers, Rob.
 
Steve van Dongen

George Hester said:
Please take a look at this Google article:

http://groups.google.com/groups?hl=...5f9382&[email protected]#link9

The op was having trouble with access denied using resizeTo. I am having the same issue
but the explanations in this article don't seem to apply here. I am not trying to
resize a window with content from a different server. This issue lies here.

What I do is make a popup window in a manner that I was given here. I like it
better than what I had. Here it is:
<snip />

Seems like if you opened the window with the size and position you
wanted you wouldn't have to worry about resizeTo and moveTo not
working.
http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp

Regards,
Steve
 
George Hester

<snip />

Seems like if you opened the window with the size and position you
wanted you wouldn't have to worry about resizeTo and moveTo not
working.
http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp

Regards,
Steve

Yes I tried that Steve. But guess what? It doesn't work right. If I set the open statement like this:

//
var s = 'width='+windowWidth+',height='+windowHeight+',left='+windowX+',top='+windowY;
//
agilePopper = window.open('javascript:opener.newWindowHtml','popAgile','fullscreen=yes,'+s);
//

then the agilePopper opens fullscreen. Just as the statement says it should. The dimension and
placement is ignored.

There is one other thing you may find interesting. The way this works is when a page (ASP) is
accessed and if a session variable has not been previously set then this page is accessed to cause this
popup to appear. At this point the link is in this form:

http://www.mydomain.com/more5/more5.asp

This popup will be a relatively small window with its parent as the background to it. You can also
move the child around you just cannot close it. The parent can be closed but this obviously destroys
the child so in any case the options available in the child MUST be chosen to proceed or the user ends
up nowhere.

Now this link above CAN be accessed directly and there is no issue. The popup behaves admirably.
But if the client tried to access the page directly like this:

http://www.mydomauin.com/more5/more5.asp?id=mc18045.jpg&plt=more5&sze=112+KB&wh=640+x+469&rdr=cube

then I get the "access denied." The user wouldn't even know anything untoward happened if they had
debugging disabled because the popup opens full screen causing the parent to be behind it and so
hidden which is where the error message appears. The alert box you see I make is also unnoticeable.

So I think it has something to do with accessing a file namely the image "mc18045.jpg" or the encoding
that is set into the javascript statements. If I am unclear about something let me know and I can
try to explain the issue better. And any further suggestions will always be taken with the best
of consideration.

George Hester
_________________________________
 
George Hester

RobG said:
George said:
[...]

The issue seems to belong very much to IE rather than to JavaScript,
perhaps you'll get more information from an IE-centric group?

The general consensus seems to be don't use popups at all, much less
try to move and re-size them. Loading scripts from the local machine
also seems to cause problems in IE, but I'm no IE guru and not aware of
all the issues it has.

Cheers, Rob.

Every browser has their own idiosyncrasies with JavaScript. That is the nature of the beast. I don't
think posting my question here was wrong; the answer may just not be known.

Thanks.

George Hester
_________________________________
 
Steve van Dongen

George Hester said:

Yes I tried that Steve. But guess what? It doesn't work right. If I set the open statement like this:

//
var s = 'width='+windowWidth+',height='+windowHeight+',left='+windowX+',top='+windowY;
//
agilePopper = window.open('javascript:opener.newWindowHtml','popAgile','fullscreen=yes,'+s);
//

then the agilePopper opens fullscreen. Just as the statement says it should. The dimension and
placement is ignored.

That's weird.

I didn't notice the fullscreen option in your window.open call before.
The answer to your original question is that in IE6 SP1, for security
reasons, full screen windows cannot be resized by script.

Regards,
Steve
 
George Hester

Steve van Dongen said:
<snip />

Seems like if you opened the window with the size and position you
wanted you wouldn't have to worry about resizeTo and moveTo not
working.
http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open_1.asp

Regards,
Steve

OK I figured it out. You see IIS in Windows 2000 when passing a URL always passes the URL
such that certain characters are changed. It does this to a space changes it to + and it does it to . changes it to %2E. Therefore if you receive the URL in a different page using Request.QueryString('parameter') you will get the URL with those characters changed. It also does it to : but that one isn't necessary here to go into.

Anyway this is how I was passing the URL and in the receiving ASP I used Server.URLEncode on it. This caused the percentages % to also be encoded to %25. So an image like this.jpg became
this%252Ejpg. Now this didn't stop the image from being displayed but JavaScript did not like it one
bit.

Access denied.

So I changed the encoding around a little bit to catch what IIS does when passing a URL as a
parameter.

George Hester
_________________________________
 
George Hester

Steve van Dongen said:
That's weird.

I didn't notice the fullscreen option in your window.open call before.
The answer to your original question is that in IE6 SP1, for security
reasons, full screen windows cannot be resized by script.

Regards,
Steve

Yes I know. That was OK until Windows XP SP2 now I don't know what is going to happen. I have
to put together that Op sys and see how it goes. The issue of a forced status bar may present a
problem. I like this thing because it gives me complete control over that segment of accessing the site.
And I mean complete control. I don't like people coming by just to have something to complain about.
So I was asked to guard the site and so I did.

Anyway I figured out the issue. If you look at what I said was the URL that caused the problem:

http://www.mydomauin.com/more5/more5.asp?id=mc18045.jpg&plt=more5&sze=112+KB&wh=640+x+469&rdr=cube

that was actually wrong. That link does work correctly. Had a little sneaky stuff going on where in fact the link was looking like this:

http://www.mydomauin.com/more5/more5.asp?id=mc18045%2Ejpg&plt=more5&sze=112+KB&wh=640+x+469&rdr=cube

Access Denied.

The issue is Request.ServerVariables("URL") and Server.URLEncode in the more5.asp page. There is some funky encoding going on. It's the old issue of encoding and then encoding again. In JavaScript it would be called escaping and then escaping again. Which causes the problem. Here was the fix: (in VBScript Server-side)

<%
'
Response.Redirect "/Logon.asp?from=" & Replace(Server.URLEncode(s), "%252E", "%2E")
'
%>

This is not right; it's a cob job but will suffice for now until I can find out how to fix this Microsoft
SNAFU.

http://support.microsoft.com/default.aspx?scid=kb;en-us;301464
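
Added example (not part of the thread and not any poster's code): the encode-then-encode-again effect described in the last two posts, reproduced in JavaScript together with a bounded check for how many encoding layers a value carries. `urlEncodeLikePost` is a hypothetical stand-in that follows the behaviour the posts describe (space to `+`, `.` to `%2E`, `%` to `%25`); it is not the real Server.URLEncode, and the other function names are illustrative as well.

```javascript
// Added example; function names are illustrative, not from the thread.

// Hypothetical stand-in for the encoder behaviour the posts describe:
// letters and digits pass through, space becomes "+", and every other
// byte becomes %XX (so "." -> %2E and "%" -> %25).
function urlEncodeLikePost(text) {
  let out = '';
  for (const byte of new TextEncoder().encode(text)) {
    const ch = String.fromCharCode(byte);
    if (/[A-Za-z0-9]/.test(ch)) out += ch;
    else if (ch === ' ') out += '+';
    else out += '%' + byte.toString(16).toUpperCase().padStart(2, '0');
  }
  return out;
}

// Remove exactly one layer of URL encoding ("+" back to space first).
function decodeOnce(text) {
  return decodeURIComponent(text.replace(/\+/g, ' '));
}

// Count the decode rounds needed before the value stops changing.
// Heuristic only: plain data that really contains text such as "%2E"
// is counted as one layer. Malformed escapes end the count.
function encodingDepth(value, maxRounds = 5) {
  let current = value;
  for (let depth = 0; depth < maxRounds; depth++) {
    let next;
    try { next = decodeOnce(current); } catch (e) { return depth; }
    if (next === current) return depth;
    current = next;
  }
  return maxRounds;
}

// The bug: a value that is still encoded gets encoded a second time.
function forwardNaive(received) {
  return urlEncodeLikePost(received);
}

// Decode once at the receiving boundary, encode once on output.
function forwardOnce(received) {
  return urlEncodeLikePost(decodeOnce(received));
}

// Constructed sample value, modelled on the file name in the thread.
const sample = 'mc18045%2Ejpg';
console.log(forwardNaive(sample), encodingDepth(forwardNaive(sample)));
console.log(forwardOnce(sample), encodingDepth(forwardOnce(sample)));
```

A depth above 1 on a value about to be placed in a URL or a script string means some layer encoded data that was already encoded, which is the condition the string replacement in the post patches for one character only.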
 
