• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Permission Denied Error

 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am redirecting from one website to other by giving complete url in window.open method.When I come to child window I am trying to alert(window.opener.location.href).It says permission denied.
Any reason or any other way to do it.

Thanks.
 
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
JavaScript has the same domain policy. You can not access information in two seperate domains.

Eric
 
Pallavi Srivastava
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok.is there any other way.I want only users from suppose "xyz" website can come to my website.If a person is coming from any other website ,an error message is displayed.How can I achieve this?

Thanks.
 
Eric Pascarello
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
On the server see if they have a referer. [which can be spoofed or disabled by the user]
 
Pallavi Srivastava
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am getting http-referer as null.
After doing some research, I found something called cross domain cookie.
Does anybody know about how to set cross domain cookie.Any examples?

Thanks.
 
Eric Pascarello
author
Posts: 15385
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Add a referer to the URL, only way you are going to be able to do it. Person will be able to bookmark it, but oh well.

Cross Domain cookies are a security issue and are blocked by browsers by default.

Eric
 
Pallavi Srivastava
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I have figured solution after much hit and trial.Basically I only want users from website let's say abc.com can come to my site and rest all get accessdenied error.Also I want to prevent users from copying and pasting urls to browser directly and come to my site.
I am just posting this solution here so if someone need it, may use it.
On the parent web site I have generated a cookie and appended it with url.Lets say




This way user will never know what the exact url is.Then at my end,I am checking the contents of cookie and redirecting to the page which display details(make it a post request from now on).Also I am using session variables and erasing the variable as soon as mywebsite page is displayed.This restrict users from copying url to the browser and coming to my website directly.
Its not a sure shot way but atleast provide some level of security.
Any suggestions welcome.
Thanks for the replies.
 
reply
    Bookmark Topic Watch Topic
  • New Topic