Loading external url as local

[mélanie langlois <me...@hotmail.fr>]

Hello,

In one of my webpage, one frame is loading an external url, using iframe 
tag. The loading process works fine, but I need to access component in this 
frame, to launch some actions on them. When I tryed that I get a Permission 
denied error, because the iframe is loaded from an external domain tahn my 
application.

I tried to used apache server configured as a reverse proxy, to load the 
iframe in a way that tomcat thinks it's loaded from local domain.

What i did is in my jsp page, i have iframe 
src="http://localhost/externallink"

in my apache server conf:
ProxyPass           /externallink http://www.externaldomain/externalpage.asp
ProxyPassReverse   /externallin khttp://www.externaldomain/externalpage.asp

The page is loaded fine in the frame, but i still have the permission denied 
error. So it seems that tomcat still sees that it's coming from external 
domain.
Did i forgot some configuration? Does someone know how to solve this issue ?

Thanks,

Mélanie

_________________________________________________________________
Découvrez le Blog heroic Fantaisy d'Eragon! 
http://eragon-heroic-fantasy.spaces.live.com/


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Loading external url as local

[Hassan Schroeder <ha...@gmail.com>]

On 5/10/07, mélanie langlois <me...@hotmail.fr> wrote:

> In one of my webpage, one frame is loading an external url, using iframe
> tag. The loading process works fine, but I need to access component in this
> frame, to launch some actions on them. When I tryed that I get a Permission
> denied error, because the iframe is loaded from an external domain tahn my
> application.
>
> I tried to used apache server configured as a reverse proxy, to load the
> iframe in a way that tomcat thinks it's loaded from local domain.

Pointless. The iframe is loaded *by the client browser* which doesn't
care anything about your proxy setup. The *client* knows the URLs
are from different domains and enforces the proper restrictions on
cross-site scripting.

If you want the content of that external URL to be part of the context
of your page, you need to incorporate it on the server.

The easiest way would be to use the JSTL <c:import /> tag and either
embed (and post-process) the content or just create a local copy.

HTH,
-- 
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Loading external url as local

[Pid <p...@pidster.com>]

mélanie langlois wrote:
> Hello,
> 
> In one of my webpage, one frame is loading an external url, using iframe 
> tag. The loading process works fine, but I need to access component in 
> this frame, to launch some actions on them. When I tryed that I get a 
> Permission denied error, because the iframe is loaded from an external 
> domain tahn my application.
> 
> I tried to used apache server configured as a reverse proxy, to load the 
> iframe in a way that tomcat thinks it's loaded from local domain.
> 
> What i did is in my jsp page, i have iframe 
> src="http://localhost/externallink"
> 
> in my apache server conf:
> ProxyPass           /externallink 
> http://www.externaldomain/externalpage.asp
> ProxyPassReverse   /externallin khttp://www.externaldomain/externalpage.asp
> 
> The page is loaded fine in the frame, but i still have the permission 
> denied error. So it seems that tomcat still sees that it's coming from 
> external domain.
> Did i forgot some configuration? Does someone know how to solve this 
> issue ?

Sounds like the browser is doing the right thing and stopping you 
executing a cross-site scripting attack of some sort, which is the 
intended/expected behaviour, I think.

I don't know what to suggest to solve your problem, can you supply some 
more details as to what you are trying to achieve?

p


> Thanks,
> 
> Mélanie
> 
> _________________________________________________________________
> Découvrez le Blog heroic Fantaisy d'Eragon! 
> http://eragon-heroic-fantasy.spaces.live.com/
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
>