[ic] Browser security question! Maybe off topic!
Joachim Leidinger
interchange-users@interchange.redhat.com
Thu Nov 8 02:55:01 2001
Hi List,
I've a frameset in my IC catalog and I have a page checkout, which is
set to secure in my catalog.cfg. An user is able to log in in my
checkout page. But a left frame has a menu bar and a status bar (with a
message like "You are logged in!" or "You are not logged in!" for
example). After log in in my checkout page, I get an error message by
the JS:
-------- snip -------
JavaScript Error:
https://www.bpa.leidinger.local/cgi-bin/intos/process.html, line 727:
access disallowed from scripts at
https://www.bpa.leidinger.local/cgi-bin/intos/process.html to documents
at
another domain.
-------- snip -------
I can't understand, why I've another domain. It is another protocol
"http" instead of "https".
My customer don't want to remove the log in part from the checkout page!
:-(
I've a JS like
<script>parent[4].location.href="[area menu_2]"</script>
in my checkout page. This script reload the page menu_2 into the
frame[4], wich is insecure (http).
Setting the page "menu_2" to secure is not the solution.
I read some information about privilege! But I could not found a JS
solution to allow the Browser, to read the page "menu_2".
Any helps, hints and suggestions are very wellcome.
Thanks!
Joachim
--
Hans-Joachim Leidinger | Dipl.-Phys.Ing. Entwicklung eCommerce
[Hans-Joachim.leidinger@bpanet.de]
Black Point Arts Internet Solutions GmbH
http://www.bpanet.de