JavaScript权限被拒绝。如何允许在受信任的域之间的跨域脚本? [英] JavaScript permission denied. How to allow cross domain scripting between trusted domains?
问题描述
我们有一个由SAP企业门户iframe托管的基于.net的应用程序。
SAP门户的域是 al.xx.companyname.com 。 .Net应用程序服务器的域为 ss.xx.companyname.com 。
We have a .net based application hosted with SAP enterprise portal iframes. The domain of the SAP portal is al.xx.companyname.com. The domain of the .Net application server is ss.xx.companyname.com.
现在,当我通过企业门户网站打开应用程序时,我得到一个Permission deniedJavaScript错误。我在IE中启用脚本调试,然后将visual studio调试器附加到JavaScript错误。我注意到错误从以下JavaScript代码设置/重置脏标志。
Now when I open the application through Enterprise portal, I get a 'Permission denied' JavaScript error. I enabled script debugging in IE and then attached visual studio debugger to the JavaScript error. I noticed the error is thrown from the following JavaScript code to set/ reset dirty flags.
if(top.EPCM!=null)
可以理解,问题是由于跨域脚本。即ss.xx.companyname.com的应用程序服务器正在尝试访问域al.xx.companyname.com的企业门户的浏览器组件。
Understandably the issue is due to cross domain scripting. i.e. the application server of ss.xx.companyname.com is trying to access the browser component of enterprise portal of domain al.xx.companyname.com.
但是这个跨脚本是一个信任的域脚本,我想以某种方式允许这种交叉脚本。我试图设置应用程序服务器的主DNS后缀。
However this cross scripting is a trusted domain scripting and I want to somehow allow this cross scripting. I tried to set the primary DNS suffix of the application server. by following the below approach.
- 右键单击我的计算机上的应用程序服务器。 (Windows 2003服务器)
- 选择属性 - 计算机名称
- 单击更改按钮,然后在下一个窗口中单击更多按钮
- 在此计算机的主DNS后缀文本框下,输入了值 - al.xx.companyname.com。
- Right click on My computer of application server. (Windows 2003 server, by the way)
- select properties - Computer Name
- Click Change button and in the next window click More button
- And under the'Primary DNS suffix of this computer' textbox, I entered the value - al.xx.companyname.com.
现在,在上述设置之后,我假设企业门户和应用程序服务器的域将被视为al.xx.companyname.com。但是,我仍然在上面提到的相同的JavaScript代码中获得JavaScript权限被拒绝的错误。
Now after the above settings, I assume the domains of both enterprise portal and application server will be taken as al.xx.companyname.com. However I am still getting the JavaScript permission denied error in the same JavaScript code mentioned above.
正如回复中所建议的,我也实现了document.domain方法。 >
As suggested in the replies, I also implemented document.domain approach.
var requireddomain = 'al.xx.companyname.com';
var text = document.domain; //returns the domain as ss.xx.companyname.com
if (text != requireddomain)
{
for (i=0; i < 2; i++)
{
dotposition = text.indexOf( "." );
text = text.substr(dotposition +1);
}
document.domain = text;
}
if(top.EPCM!=null)
使用上面的代码,document.domain对象设置为 companyname.com ,这对企业门户和应用程序服务器都是通用的。
然而,仍然被拒绝的权限问题抛出在行>> if(top.EPCM!= null)
With the above code, the document.domain object is set as companyname.com which is common to both Enterprise portal and application server. However still the permission denied issue is thrown in the line >> if(top.EPCM!=null)
这个问题打破了我的头过去3天。有人可以帮我这个吗?
目标是允许应用程序服务器和作为受信任连接的企业门户之间的跨域脚本。非常感谢。
This issue is breaking my head for past 3 days. Can someone please help me with this? The objective is to allow cross domain scripting between application server and enterprise portal which is a trusted connection. Thanks.
更新:
令人沮丧的发展。我已经在我的应用程序服务器中安装了ssl证书。
Interesting & frustrating development. I have installed ssl certificates in my application server. And still the permission denied error is thrown.
- Portal网域:al.xx.companyname.com
- app domain:ss.xx.companyname.com
我试图将document.domain属性设置为2个子级别,即到companyname.com。
I was trying to set the document.domain property to 2 sublevels down, i.e to companyname.com.
但仍然发生权限被拒绝错误。
But still the 'permission denied error' occurs.
仅当应用程序域是门户网站域的一个子集时,document.domain的设置才有效。即
I guess, the setting of document.domain will only work if the app domain is a subset of portal domain. i.e.
- 门户网域:al.xx.companyname.com
- 应用程序域:ss.al .xx.companyname.com。
在上述情况下,我可以将应用程序域减少一个子级别。 xx.companyname.com)。
In the above case, I can just reduce the app domain to one sublevel down (to al.xx.companyname.com). Then I guess, it would work.
然而,在我的案例中,门户网站和应用程序服务器是同一companyname.com的两个分支子域,因此仍然不允许交叉脚本
However in my case the portal and app servers are 2 branched subdomains of the same companyname.com and hence cross scripting is still not allowed.
有关如何处理的任何建议吗?
Any suggestions on how to proceed?
推荐答案
原始策略可能是如此严格,它不会使例外,即使与可信站点。
The Same Origin Policy is probably so strict that it doesn't make exceptions even with trusted sites.
跨浏览器 document.domain 属性应该能够解决这个问题:
The cross-browser document.domain property should be able to solve this:
是同一起源规则的一个例外。脚本可以将document.domain的值设置为当前域的后缀。如果它这样做,较短的域用于后续的原始检查。例如,假设文档中的脚本位于 http://store.company.com/dir/ other.html 执行以下语句:
document.domain =company.com;
这篇关于JavaScript权限被拒绝。如何允许在受信任的域之间的跨域脚本?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
