|
Permission denied for javascript methods, SSL security error between parent and child windows |
I recently integrated a postcode lookup service into a checkout process, it constituted a pop up window, with a Webservice http call to return a JSON object of postcode data.
The data itself was returning successfully, and is output into a select field, so that the user can choose one of the address records from the many returned.
The problem I had arose when I ran a script to write the selected address data back from the pop up window to the parent window. Something like this:
2 $(document).ready(function() {
3
4 $('.submitButton').click(function() {
5
6 var selectedPcode = $('.address').val();
7
8 if (selectedPcode == undefined) {
9 alert('Please select an address')
10 }
11
12 else {
13 //split the string
14 var mySplitResult = selectedPcode.split(",");
15
16 var street = mySplitResult[0];
17 var area = mySplitResult[1];
18 var town = mySplitResult[2];
19
20 street = jQuery.trim(street);
21 area = jQuery.trim(area);
22 town = jQuery.trim(town);
23
24// set the parent form field values
25window.opener.document.form.evAddress1.value = street;
26window.opener.document.form.evAddress2.value = area;
27window.opener.document.form.evTown.value = town;
28window.close();
29
30 }
31
32 });
33 });
34</s/cript>
The code above will just split out the address parts and write them out to the corresponding fields in a form in the parent window. At this point I was seeing an error message:
The problem stems from the fact that the parent window is served under SSL and the pop up was not.
So make sure that your parent and child windows are both served under the same protocol, otherwise I guess it is being stopped as an inject hack, as it appears to be on a different domain.
|
Securing server side Coldfusion code with cfcompile |
If you ever need to protect your intellectual property, or you have suspicions that your code maybe be accessed on a server to be tampered with, then your best option is to compile your code base.
This article addresses how to use the cfcompile command, and what it actually does to your code base.
|
Forcing an SSL redirect using Coldfusion |
I've never really coded much around individual Secure templates, but this afternoon I found myself working in a framework where certain templates were required to be called with the 'https' URL instead of standard non secure URLs.
This turns out to be incredibly easy. There is a variable in the cgi scope that tells you if the request is served under a secure port or not, cgi.server_port_secure returns true or false (1/0), so you can use it to redirect people to where they should be.
2
3 <cflocation url="https://#cgi.server_name##cgi.script_name#"
4 addtoken="false">
5
6</cfif>
I've used other cgi values above as I've put this in a 'prefuseaction' function in a fusebox CFC controller file. That way all requests to any actions in that file are routed to the SSL equivalent.
|
Flex webservices security error accessing url |
I've been working with some client side flash developers recently and we came across an unusual error that was being thrown in a Flex application when we were sending a webservice request to a Coldfusion server.
The error was "Security error accessing URL". I thought I'd overcome this a long time ago by using the cross-domain.xml file to allow server access to services.
It appears that there is a security issue with Flash 9 that requires the following line to be added to the CrossDomain.xml file:
I'm guessing that it is enabling access for SOAP requests to any remote services on that server.