Discussion:
Loading external url as local
mélanie langlois
2007-05-11 01:29:37 UTC
Permalink
Hello,

In one of my webpage, one frame is loading an external url, using iframe
tag. The loading process works fine, but I need to access component in this
frame, to launch some actions on them. When I tryed that I get a Permission
denied error, because the iframe is loaded from an external domain tahn my
application.

I tried to used apache server configured as a reverse proxy, to load the
iframe in a way that tomcat thinks it's loaded from local domain.

What i did is in my jsp page, i have iframe
src="http://localhost/externallink"

in my apache server conf:
ProxyPass /externallink http://www.externaldomain/externalpage.asp
ProxyPassReverse /externallin khttp://www.externaldomain/externalpage.asp

The page is loaded fine in the frame, but i still have the permission denied
error. So it seems that tomcat still sees that it's coming from external
domain.
Did i forgot some configuration? Does someone know how to solve this issue ?

Thanks,

Mélanie

_________________________________________________________________
Découvrez le Blog heroic Fantaisy d'Eragon!
http://eragon-heroic-fantasy.spaces.live.com/


---------------------------------------------------------------------
To start a new topic, e-mail: ***@tomcat.apache.org
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Pid
2007-05-11 06:32:16 UTC
Permalink
Post by mélanie langlois
Hello,
In one of my webpage, one frame is loading an external url, using iframe
tag. The loading process works fine, but I need to access component in
this frame, to launch some actions on them. When I tryed that I get a
Permission denied error, because the iframe is loaded from an external
domain tahn my application.
I tried to used apache server configured as a reverse proxy, to load the
iframe in a way that tomcat thinks it's loaded from local domain.
What i did is in my jsp page, i have iframe
src="http://localhost/externallink"
ProxyPass /externallink
http://www.externaldomain/externalpage.asp
ProxyPassReverse /externallin khttp://www.externaldomain/externalpage.asp
The page is loaded fine in the frame, but i still have the permission
denied error. So it seems that tomcat still sees that it's coming from
external domain.
Did i forgot some configuration? Does someone know how to solve this issue ?
Sounds like the browser is doing the right thing and stopping you
executing a cross-site scripting attack of some sort, which is the
intended/expected behaviour, I think.

I don't know what to suggest to solve your problem, can you supply some
more details as to what you are trying to achieve?

p
Post by mélanie langlois
Thanks,
Mélanie
_________________________________________________________________
Découvrez le Blog heroic Fantaisy d'Eragon!
http://eragon-heroic-fantasy.spaces.live.com/
---------------------------------------------------------------------
Hassan Schroeder
2007-05-11 13:21:52 UTC
Permalink
Post by mélanie langlois
In one of my webpage, one frame is loading an external url, using iframe
tag. The loading process works fine, but I need to access component in this
frame, to launch some actions on them. When I tryed that I get a Permission
denied error, because the iframe is loaded from an external domain tahn my
application.
I tried to used apache server configured as a reverse proxy, to load the
iframe in a way that tomcat thinks it's loaded from local domain.
Pointless. The iframe is loaded *by the client browser* which doesn't
care anything about your proxy setup. The *client* knows the URLs
are from different domains and enforces the proper restrictions on
cross-site scripting.

If you want the content of that external URL to be part of the context
of your page, you need to incorporate it on the server.

The easiest way would be to use the JSTL <c:import /> tag and either
embed (and post-process) the content or just create a local copy.

HTH,
--
Hassan Schroeder ------------------------ ***@gmail.com

---------------------------------------------------------------------
To start a new topic, e-mail: ***@tomcat.apache.org
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Loading...