I am trying to access an Outlook email from a link (i.e. https://outlook.office365.com/owa/#viewmodel=ReadMessageItem&ItemID=xxxxxxx) from a web app I am building. Clicking on the link should open a new tab in the browser, start Outlook Web App, and open the email.
Instead, I get this error: Blocked a frame with origin "https://outlook.office365.com" from accessing a cross-origin frame
I am using an AngularJS ng-href directive to create the link with target=_blank to force opening in a new tab.
The email opens properly without error when it is opened within the same browser tab (without target=_blank)
I appreciate any suggested solutions to help me resolve this.
I have resolved the problem by altering part of the query string in the URL.
From: https://outlook.office365.com/owa/#viewmodel=ReadMessageItem&ItemID=xxxxxxx
To: https://outlook.office365.com/owa/#ItemID=xxxxxxx
Now the direct link will open in any frame, given you are authenticated, without any cross-origin errors.
Related
I have a Visual force page that contains a lightning web component hosted in a Salesforce developer sandbox
I am trying the use the 'Lightning Message Service' to communicate with the 'Lightning' component from the visual force page using a 'Message Channel'
I can subscribe to the channel without any problem
When I try to publish a message to the channel, I get the CORS error below in Firefox as well as Chrome browser
Uncaught DOMException: Permission denied to access property "Sfdc" on cross-origin object iframeinterface.js:1
handleOnload https://xxx-dev-ed.my.salesforce.com/support/console/xdomain/30.0/iframeinterface.js:1
onload https://xxx-dev-ed.my.salesforce.com/support/console/xdomain/30.0/crossDomainProxy.html#xdomain_name=s:isClickToDialEnabled&xdomain_targetFrame=s:sfdc-console&xdomain_txnId=s:0&xdomain_pathToOriginProxy=s:https://xxx-dev-ed--c.visualforce.com/crossDomainProxy.html&xdomain_originFrame=s:sfdcSoftphone&version=s:private_api:4
I have added all the urls to the CORS whitelist in Salesforce but nothing seems to help
I have also added these urls to the 'trusted sites' whitelist in Salesforce
Thanks in advance for any tips
Regards
Mathew
I have tried to do authentification in an iframe but the google server returns errors like
Refused to display 'https://accounts.google.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
Can somebody help me, please?
it normally impossible to open the connection page of google in an iframe because google forbids it cause of some vulnerability. you can link to this post to see for more information : another post
The users of our website run our Chrome plugin which, amongst other things, performs cross-origin requests via XMLHttpRequest as described on the Chrome extension development pages. This has been running just fine for a few years now. However, ever since our users upgraded to the latest version of Chrome (v38), these requests have failed. Our site runs on HTTPS and some of the URLs loaded via our content script are on HTTP. The message is:
[blocked] The page at 'https://www.ourpage.com/' was loaded over
HTTPS, but ran insecure content from 'http://www.externalpage.com':
this content should also be loaded over HTTPS.
The reported line where the error occurred is in the content script where I'm issuing the HTTP call:
xhr.send(null);
I have no control over the external page and I would rather not remove SSL from our own page. Question: Is this a bug or is there a workaround that I am not aware of?
(Note: The permissions in the manifest were always set to <all_urls> which had worked for a long time. Setting it to http://*/ and https://*/ did not help.)
If possible, use the https version of that external page.
If that is not possible, use the background page to handle the AJAX request (example).
I am facing some difficulty with AngularJS and opening a new window(window.open('URL'))
Consider the scenario, I want clients on my web-app to authenticate via third-party services like Facebook, Stripe, etc.
I have my web-app built in AngularJS and bootstrap.
On click of 'Add Account' button, I would like to open a new window with the respective URL. Everything upto here works.
But when I try to access the window object from the parent web-app, it gives an error: Blocked a frame with origin "http://localhost" from accessing a cross-origin frame
I need to access the child window URL from the parent to detect URL change, and I also need to access the content of the child window.
So the whole workflow is
When I click on 'Add Account' from my web-app
A new window opens, which hits a URL on my Server
Which then calls the Stripe Authentication URL
The User signs-in with his Stripe credentials
After successful signing in, Stripe auth redirects the callback to my Server
Which then sends a ACK = Success
I then read the ACK from my web-app(parent)
After receiving the ACK, and checking it, close the new window which was opened
Please help !!
One way to do this,
You can have an intermediary page which opens the URL on your server. The server url returns with a hashtag #success or #error after the authentication with the third party page. The intermediary page loads again and looks for the hashtag and calls opener window.
Why am I not able to visit the .mp4 file which this player loads in on the actual website? I don't understand, since the file it's publicity is open (I can load it on the actual page, so why not here?)
jwplayer("vplayer").setup({
sources: [{file:"http://5.79.65.54/kj2vyibvei6vtaw52bjj424ffdpihhh3faz3hoh53hp7klpimhf6ti4evxla/v.mp4",label:"240p"},
{file:"http://5.79.65.54/kj2vyibvei6vtaw52bjj424ffdpihhh3faz3hoh53orpklpimhf6pwsffuyq/v.mp4",label:"360p"},
{file:"http://5.79.65.54/kj2vyibvei6vtaw52bjj424ffdpihhh3faz3hoh53vypklpimhf7yyyh44fq/v.mp4",label:"720p"}],
image: "http://5.79.65.54/i/01/00000/43w5a2pzxepn.jpg",
skin: "",
duration:"6740",
width: 728,
height: 410,
preload:"auto",
primary:"flash",
startparam: "start"
It's for the following line:
http://5.79.65.54/kj2vyibvei6vtaw52bjj424ffdpihhh3faz3hoh53vypklpimhf7yyyh44fq/v.mp4
It would help me a lot, if someone could explain me on why this is happening!
It says the ip is wrong so my best guess is that the ip address of the hosted site is in a whitelist.
Update
To expand on my answer:
Try to open the url directly to the mp4 file in the browser and open the console (Chrome = F12 etc..). You will see that the server returns HTTP status code 403 Forbidden
Status code 403 responses are the result of the web server being configured to deny access, for some reason, to the requested resource by the client.
Now, this is a bit of a trickery and you MUST make sure you're allowed to do this. Open the same URL in the browser: thevideos.tv/embed-pmmp2xh1slwm-728x410.html
now open up the developer console in the browser. Chrome = F12 etc..
Now right click on the table element and add AFTER it the following:
<video><source src="http://46.105.106.46/kj2vzb7wei6vtaw52bfz4nmggyev2pof5ka5cfja62xmnfzhv6ajzp4gbyoa/v.mp4"></video>
Click somewhere on the webpage with the flashplayer and watch the video gets embedded. Now try to right click the html5 video and click "Save video" (Make sure you are allowed to do this)
What did we learn from this?
The video is requestet from that particular web site. We tricked the web server holding the resource to accept the request since it came from thevideos.tv.
Thats it. Click here to learn more about HTTP status codes, click here to learn more about the 403 status code.