U4-8459 - Umbraco 7.4.3 Preview mode throws Uncaught SecurityError: Blocked a frame with origin... canvasdesigner.front.js:284

Created by Robert Ghafoor 16 May 2016, 17:08:11 Updated by Robert Ghafoor 16 May 2016, 18:31:39

Your report will have a greater chance of being addressed if you can give us clear steps to reproduce the issue, please answer the following questions in as much detail as possible: What did you do? Install https certificate and im using chrome latest verision What did you expect to happen? well the preview mode is not working at all What actually happened? errors then noting more look at image

we have 3 hostnames configured for our home startpage. https://investorab.com.local <--- our local dev https://investorab.com.qa.meridium.se <--- other server "test server" https://investorab.com.uat.meridium.se <--- production test server

Regards Robert

2 Attachments

Comments

Sebastiaan Janssen 16 May 2016, 17:12:14

Which link did you click on which domain? Did you set UmbracoUseSsl to true in web.config?


Sebastiaan Janssen 16 May 2016, 17:12:34

More here: https://cultiv.nl/blog/so-you-want-to-secure-your-umbraco-site/


Robert Ghafoor 16 May 2016, 17:24:22

The problem seams to be something like the following https://javascript.info/tutorial/same-origin-security-policy#cross-window-messaging


Robert Ghafoor 16 May 2016, 17:25:04

yes its set to true


Robert Ghafoor 16 May 2016, 17:33:15

@sebastiaan i added <system.webServer> </system.webServer>

but it seams to not work.


Robert Ghafoor 16 May 2016, 17:49:35

I think the domain.location is set wrong on one point as it only sets to "com.local" so the investorab. is not there should it not be investorab.com.local ? i think that is the problem with the script in edit @sebastiaan


Robert Ghafoor 16 May 2016, 18:10:19

@sebastiaan You need to use 3 words in youre url ex name.se.local if you do the problem will show if you only use name.local it will work i get no errors but one then but the page loads in edit and shows.

Im using a self signed certificate

now i only get this error: 1052.aspx:21 Uncaught SecurityError: Failed to set the 'domain' property on 'Document': 'local' is a top-level domain.


Robert Ghafoor 16 May 2016, 18:16:07

@sebastiaan it is the 3 dots that reproduces the error + https iis self sigend sertificate i created one that looks like this investorab.* in the self sigend certificate value my guess is somewhere the domain key is set wrongly in backend code it can not handle more then 1 dot.


Sebastiaan Janssen 16 May 2016, 18:19:32

Sorry, but we don't support using HTTPS on localhost with self signed certificates. That will never work properly in any browser.


Robert Ghafoor 16 May 2016, 18:21:07

@sebastiaan ok il forward that. so it will work if we had a real certificate ? thancks for youre time


Sebastiaan Janssen 16 May 2016, 18:25:16

I'm not sure you could ever get a real certificate for a ".local" domain.

Just so you know, we have 3 dots in Our Umbraco and it works just fine, see attached.


Sebastiaan Janssen 16 May 2016, 18:27:23

Ah, I guess that's 2 dots.. but the number of dots really doesn't matter, just that it's a valid certificate. The web.config configuration you listed above also will not work, it limits iframes too much, you should alter or remove it (I don't know how to alter it so preview will work, but I'm sure it's possible, just google the error you get about the iframe).


Robert Ghafoor 16 May 2016, 18:31:39

@sebastiaan that rule was just a test i found on the site you posted its gone as it made it worhs xD but it all works with a self signed certificate if i use name.local :) dont know way but if it will work live then im fine with it as then there will be a real certificate for the public url thancks for youre conserns and help.


Priority: Normal

Type: Bug

State: Closed

Assignee:

Difficulty: Normal

Category:

Backwards Compatible: True

Fix Submitted:

Affected versions: 7.4.3

Due in version:

Sprint:

Story Points:

Cycle: