Aug 24, 2015, 1:34 PM
9 Posts

Iframe browser security restriction

  • Category: Other
  • Platform: Windows
  • Release: 8.5.3
  • Role: Administrator,Developer
  • Tags: iframe,browser security,document site
  • Replies: 0

Hello! Where I work, we have a Help Desk Domino application that is used by company employees and call center employees. A few months ago an SSO was implemented in the environment, where when the user is logged in to Windows the user is authenticated to all environments and does not need to enter their login in these environments, including Domino. This SSO environment is causing a side effect in the Domino application regarding the call center users. After the implementation of SSO, the application became unstable and intermittently the call center users need to fill in a demand form several times. Importantly, users of the call center do not log on to the network of my company; they just access the application by link and log in to the Domino server.
To solve the problem, a site was created where an alias for the Domino server was created. Through this site the call center users will access the Domino applications. For other Domino applications that also had problems with the users of the call center, the site creation resolved the problem; however, for the help desk application another problem appeared. In our validation testing we found that when accessing some elements, such as an iframe which is created at runtime, an access denied error occurs. We researched the issue and found that the cause is the browser security restrictions. The browser for some reason does not understand that the alias and the host name refer to the same Domino server, causing the exception.
To try to work around the problem, we tried a solution at the Domino server level. Following the technote (http://www-01.ibm.com/support/docview.wss?uid=swg21568598&cm_mc_uid=09992606621414313637546&cm_mc_sid_50200000=1433782776), we tried to solve the security problem, but without success. Then we tried to implement an application-level solution by placing the meta tag in the pages (<meta http-equiv="X-FRAME-OPTIONS" content="ALLOW-FROM xxx.com />), but also without success. Has anyone experienced this problem? Does anyone have any tips for solving the problem?

Thanks a lot!
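
An added illustration, not part of the original post: the browser decides whether script in a page may reach into an iframe by comparing scheme, host and port as strings, so an alias and a host name that resolve to the same server are still different origins. The host names below are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed placeholders: alias site vs. the server's own host name.
const ALIAS_PAGE = "https://helpdesk-alias.example.com/hd.nsf/request";
const HOST_FRAME = "https://domino01.example.com/hd.nsf/frame";

const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL into the (scheme, host, port) tuple that forms its origin.
function originTuple(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL.port is "" when the default port is used, so fill it in.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// List the origin components in which the page and the frame differ.
// DNS is never consulted: two names for one server still differ in "host".
function originMismatch(parentUrl, frameUrl) {
  const a = originTuple(parentUrl);
  const b = originTuple(frameUrl);
  return ["scheme", "host", "port"].filter((k) => a[k] !== b[k]);
}

// Script access to the frame's document is allowed only when nothing differs.
function canScriptFrame(parentUrl, frameUrl) {
  return originMismatch(parentUrl, frameUrl).length === 0;
}

// Explain the outcome for a page/frame pair.
function diagnose(parentUrl, frameUrl) {
  const diff = originMismatch(parentUrl, frameUrl);
  return diff.length === 0
    ? "same origin: frame document is scriptable"
    : "cross origin (" + diff.join(", ") + " differ): access denied";
}

console.log(diagnose(ALIAS_PAGE, HOST_FRAME));
console.log(diagnose(ALIAS_PAGE, "https://helpdesk-alias.example.com/hd.nsf/frame"));
```

X-Frame-Options only controls whether a page may be displayed inside a frame and does not change this origin comparison. Browsers honor it only as an HTTP response header, not as a meta tag.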