Cross domain scripting: error #2048

Hi,
This is my first entry in this forum but I already found a lot of answers by browsing it. However, although many references seem to solve the problem I'm hurting on, it doesn't seem to work for me...
Now, here's the case:
I made a flash web site that will be hosted on an external web server (let's call it server «www.external.com»).
My flash needs to get some info from my internal server (let's call it «www.internal.com»).
On «www.internal.com», I don't have access to the root, only to the folder «myfolder» so my website reads like this: «www.internal.com/myfolder».
Being aware of some sandbox security issues, I made a crossdomain.xml file and uploaded it to «www.internal.com/myfolder/crossdomain.xml» to provide access to «www.internal.com/myfolder» from «www.external.com», which is the following:
<?xml version="1.0"?>
<cross-domain-policy>
     <allow-access-from domain="www.external.com" />
     <allow-http-request-headers-from domain="www.external.com" headers="*"/>
</cross-domain-policy>
In my flash, there is the code i use to retrieve my info:
Security.loadPolicyFile("http://www.internal.com/myfolder/crossdomain.xml");
var myData:URLRequest = new URLRequest("http://www.internal.com/myfolder/myapp/datarequest.cfm");
var loader:URLLoader = new URLLoader();
loader.load(myData);
That's where I get the raging error #2048 in an error #2044 telling me this (excuse the French, my player and I use this language):
Error #2044: securityError non pris en charge : text=Error #2048: Violation de la sécurité Sandbox : http://www.external.com/flashapp.swf ne peut pas charger de données à partir de http://www.internal.com/myfolder/myapp/datarequest.cfm.
According to what I saw and read, loading a policy file should allow me to access info. Once I read that the crossdomain.xml file absolutely had to be on the root of the web server, unfortunately, I don't have access to the root.
There surely is something wrong with what I am doing, anyone has a thought?
Thanks in advance and sorry for the long message...

just a guess here - it looks mainly as though you are on the right track, and you are correct: if you do not have access to the root, then you must target the crossdomain.xml location as you have specified.
the one thing i don't see that you have listed here is a call to:
Security.allowDomain("www.external.com");
which *might* be the issue
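
An added example, not part of the thread above and not Adobe's code: a small Python model of the rules that Adobe's cross-domain policy file specification places on a policy file stored below the server root, which covers only its own directory and is honoured only when the root (master) policy's meta-policy permits it. The function names, the sample master policy and the default of `master-only` when no master file exists are assumptions made for this illustration.

```python
import posixpath
import xml.etree.ElementTree as ET  # for untrusted files, parse with defusedxml instead
from urllib.parse import urlsplit

POLICY_MIME = "text/x-cross-domain-policy"

# The policy file from the post above, as uploaded to /myfolder/crossdomain.xml.
PAGE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
     <allow-access-from domain="www.external.com" />
     <allow-http-request-headers-from domain="www.external.com" headers="*"/>
</cross-domain-policy>"""

# Constructed sample: a root /crossdomain.xml whose meta-policy permits other policy files.
MASTER_ALL = """<cross-domain-policy>
     <site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>"""


def meta_policy(master_xml):
    """Meta-policy declared by the master file.

    Assumption: 'master-only' applies when the master file is missing (None)
    or carries no <site-control> element.
    """
    if master_xml is None:
        return "master-only"
    node = ET.fromstring(master_xml).find("site-control")
    if node is None:
        return "master-only"
    return node.get("permitted-cross-domain-policies", "master-only")


def domain_allowed(policy_xml, swf_host):
    """True if an <allow-access-from> entry matches the host serving the SWF."""
    host = swf_host.lower()
    for entry in ET.fromstring(policy_xml).iter("allow-access-from"):
        pattern = entry.get("domain", "").lower()
        if pattern and pattern in ("*", host):
            return True
        if pattern.startswith("*.") and host.endswith(pattern[1:]):
            return True
    return False


def evaluate(policy_url, policy_xml, master_xml, swf_url, target_url,
             content_type="text/xml"):
    """Return (allowed, reason) for a SWF at swf_url loading target_url."""
    policy, target = urlsplit(policy_url), urlsplit(target_url)
    if (policy.scheme, policy.netloc) != (target.scheme, target.netloc):
        return False, "policy file and target are on different origins"
    if policy.path != "/crossdomain.xml":  # not the master file: extra rules apply
        meta = meta_policy(master_xml)
        mime = content_type.split(";")[0].strip().lower()
        if meta == "by-content-type":
            if mime != POLICY_MIME:
                return False, "meta-policy requires Content-Type " + POLICY_MIME
        elif meta != "all":
            return False, f"meta-policy '{meta}' rejects non-master policy files"
        scope = posixpath.dirname(policy.path).rstrip("/") + "/"
        if not target.path.startswith(scope):
            return False, f"target is outside the policy file's scope {scope}"
    if not domain_allowed(policy_xml, urlsplit(swf_url).hostname or ""):
        return False, "no allow-access-from entry matches the SWF's domain"
    return True, "allowed"


if __name__ == "__main__":
    args = ("http://www.internal.com/myfolder/crossdomain.xml", PAGE_POLICY)
    swf = "http://www.external.com/flashapp.swf"
    data = "http://www.internal.com/myfolder/myapp/datarequest.cfm"
    print(evaluate(*args, None, swf, data))        # no master policy at the root
    print(evaluate(*args, MASTER_ALL, swf, data))  # master permits sub-directory files
```
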

Similar Messages

  • Cross site scripting errors in RoboHelp 8.0

    We are using Robohelp 8.02, generating webhelp for a web application. Development just started to use Fortify to identify security vulnerabilities. The Fortify software found 17 Robohelp htm files with cross-site scripting security holes. We are NOT using RoboHelp Server 8.
    Before creating this posting, I searched the forums and found one post from Feb 2010 (Beware -serious - cross site scripting errors in Robohelp 8.0).
    From reading that posting, it appears that an Adobe engineer was involved----I'm not clear on the final outcome for this issue.
    Any additional information on the final resolve for this issue would be helpful.
    Thanks,
    Beware - serious breach - cross site scripting errors in RoboHelp 8.0

    The previous poster indicated that Tulika, who I can confirm is an Adobe engineer, stated "when she reviewed the code that was triggering the Fortify cross site scripting errors, she came to the conclusion that it was not actually harmful." The poster also indicated their opinion was the other errors were minor.
    That seems clear enough so I wonder what value is anything that anyone here can add? The forum responses are from other users and I would have thought any further assurance beyond the above is something your management would want to come from Adobe.
    I have not seen anything on these forums indicating that any attack has been triggered.
    See www.grainge.org for RoboHelp and Authoring tips
    @petergrainge

  • Cross-domain Navigation Error

    Hi folks,
    I was just beginning to test out a site on my domain when I received the following error:
    Cross-domain Navigation Error
    Adobe InContext Editing does not support cross-domain navigation.
    For more details, please visit the Adobe InContext Editing Help and Support page.
    While I could not find any help easily, I thought I would post here with what I have discovered.  I am not entirely sure what "cross-domain navigation" is in the first place, but I had a few hunches.
    Initially, I was using a site set up with templates and library items.  Then, for the purposes of troubleshooting, I deleted all files and placed one HTML file in the folder with nothing but some text in it.  I still received the error message.
    On a whim, I decided to try InContext Editing in Internet Explorer instead of Firefox, and it worked.  I then downloaded and installed the latest version of Firefox (3.5.1), and the error message still appeared.
    Any ideas?
    Thanks in advance!

    Having the same troubles. Worse it goes into an endless loop where you can't get out of the error message cycle.
    http://sonomamountainbusinesscluster.com/

  • Cross Domain Trust Error, while opening the infopath in sharepoint list.

    Dear All,
    Facing some issue in
    Environment:
    Windows = Windows Server 2008
    SharePoint = SharePoint Server 2013.
    Project Server = Project Server 2013
    Info Path = Info Path Designer 2013
    Detailed:
    I have a SharePoint environment with Project Server, in which I have created a task list in my project site, and then I customized that form using InfoPath. There is one column named "Product Name" in my task list, which is a drop-down menu; in that menu I want to show all the project names which are created in the PWA site. For that I made an external data connection to my SQL Server, selected my desired table from it, and also configured my column data, i.e. Product Name, and published it to my site. Now when I open that form it prompts the error
    "The form cannot be submitted because this action would violate cross-domain restrictions. 
    If this form template is published to a SharePoint document library, cross-domain access for user form templates must be enabled
    under InfoPath Forms Services in SharePoint Central Administration, and the data connection settings must be stored in a UDC file in a data connection library in the same site collection. 
    If this is an administrator-approved form template, the security level of the form must be set to full trust, or the data connection
    settings must be stored in a UDC file by using the Manage data connection files option under InfoPath Forms Services in SharePoint Central Administration ."
    Oopsss !!
    After googling it, I found a couple of solutions, listed below:
    1. Enable the cross domain authenticated in Central Admin –> General Application Settings –> Configure InfoPath Form Services (Done)
    2. Created the data connection library in my site collection, which is the PWA site. After that I went to InfoPath, created the data connection, chose Convert to Connection File and entered the URL of the data connection library, and it prompted the error "the specified url is not a data connection library and enter the correct filename" (I don't remember the exact error description at the moment).
    So, that was all. Kindly suggest any step that I missed, or any solution that resolves this issue.
    Thanks
    REGARDS DANISH DANIE

    it seems the data-seed failed in your dehydration store.
    so i would check if user orabple exists in your db (pw is orabpel) .. and recreate the schema by executing the following script (based on your db)
    orabpel\system\database\scripts\domain_oracle.ddl
    hth clemens

  • Cross-Domain Scripting in OC4J

    Hi,
    I was wondering if anyone could help us find a way to enable cross-domain requests on our OC4J container.
    We're working on version 10.13.40!
    We would like to expose our web services to other applications inside our organisation (which operate from another url). We would also like to expose them to localhost since we are using them to test our application on our local machines.
    If anyone has any more information on this topic, please let us know!
    Thanks in advance!
    Maarten

    I didn't exactly get you
    Let me explain my problem. I am trying to access a BI Publisher's web service from outside the domain. My BI Publisher is hosted on OC4J. When I call this web service from inside the domain I get the expected response.
    The header of the response does not have Access-Control-Allow-Origin parameter in it. When I run the same code from outside, the status of my XMLHttpRequest object (my browser is mozilla) is set to 0 which means that the server is rejecting my call and I assume this is because this call is made from a place outside the domain.
    I have learned that Access-Control-Allow-Origin parameter controls the script requests which come from a place outside the domain
    I want to know a mechanism to set the Access-Control-Allow-Origin parameter in OC4J. I searched the documentation and this parameter is not mentioned. Is the name of this parameter different in OC4J? If so, what is it and where is it?
    Thanking you in anticipation of your help
    Regards,
    Vishal

  • Xml Socket  policy to connect to a range of IPS cross domain scripting

    Dear,
    I have a problem with connecting to servers other than the one that served the swf file.
    I was facing the problem even on the same machine, so I provided the policy file, to be served before opening the connection, and it works. In IE6 I was just skipping the request-policy-file that is sent by the movie and it works, but the other browsers didn't like this way. At that time I wrote the code to check for the header and send back the policy file.
    The policy file that I am using is the following:
    PolicyFile = @"<?xml version=""1.0""?><cross-domain-policy><allow-access-from domain=""192.168.1.100"" to-ports=""843"" /><allow-access-from domain=""192.168.1.101"" to-ports=""843"" /></cross-domain-policy>";
    My hope is to be able to connect to 192.168.1.101:843, and my web server is the other IP.
    Best regards

    Hi, go to
    Flash Resources , you can
    find a java application that can serve policy files to resolve this
    problem.

  • Adaptive Portlet Security....cross site scripting error

    Ok, I'm using Adaptive Portlets to access portlet data that resides on a different machine than my portal server. Every time I try to perform a PTHTTPGET, I get a javascript security error. At first I was able to get around this by storing my portlets on the same machine as the server; however, in production this will not work because our portal is installed among 5 different boxes.
    Does anyone know how I can get around this?
    Dana

    The way to work around this is to make sure that any URLs you GET from are gatewayed. That way, as far as the browser is concerned, they're from the same host.
    ...stephan

  • Pt:tree cross protocol scripting errors

    We are using HTTP to serve our pages, and HTTPS for settings/preference pages.
    I have a pt:tree on a preference page (HTTPS). Unfortunately it opens in HTTP, and when the user picks a value, an "access is denied" box pops up.
    When I manually change the protocol of the URL in the window.open function (via client side script), the pt:tree window opens in HTTPS, but all of its frames still open in HTTP.
    Can't seem to find way to specify protocol for pt:tree. Any Ideas?
    Thanks,

    jasonwryan wrote:
    hadrons123 wrote:/usr/lib/lightdm/lightdm:
    ...and another one
    Good catch!
    I still see no mention of these issues in the wiki, maybe somebody could add a note / warning?
    https://wiki.archlinux.org/index.php/LightDM

  • Cross domain scripting at run time using local connection flash AS2

    Hi
    I want to do live video streaming using FMS and FMLE in Flash AS2. Suppose 100 users are watching video online and I want to show a message to all 100 users using the LocalConnection.
    If I send a message using a different browser on the same PC, then I get the message which was sent from the other SWF file, but when I check from another PC the message does not come to the receiver SWF file.
    Please find the code below. 
    receievemovie.swf
    // Code in the receiving SWF file
    this.createTextField("result_txt", 1, 10, 10, 100, 22);
    System.security.allowDomain("*");
    System.security.allowInsecureDomain("*");
    var my_lc:LocalConnection = new LocalConnection();
    my_lc.allowDomain = function(sendingDomain:String) {
        domain_txt.text = sendingDomain;
        return true;
    };
    // This second assignment replaces the handler defined just above
    my_lc.allowDomain = function(sendingDomain:String) {
        return (sendingDomain == "*");
    };
    my_lc.allowInsecureDomain = function(sendingDomain:String) {
        return (sendingDomain == "*");
    };
    my_lc.methodToExecute = function(param1:String) {
        result_txt.text = param1;
        myResult.text = param1;
    };
    my_lc.connect("lc_name");
    sendmovie.swf
    System.security.allowDomain("*");
    System.security.allowInsecureDomain("*");
    var sending_lc:LocalConnection;
    var sending_lc:LocalConnection = new LocalConnection();
    sending_lc.allowDomain = function(sendingDomain:String) {
        return (sendingDomain == "*");
    };
    sending_lc.allowInsecureDomain = function(sendingDomain:String) {
        return (sendingDomain == "*");
    };
    myButton.onRelease = function() {
        sending_lc = new LocalConnection();
        sending_lc.send("lc_name", "methodToExecute", sendMsg.text);
        sendMsg.text = "Message has been sent";
    };
    If you have any other way to do it please suggest me to do that.
    Thanks & regards
    Sunil Kumar


  • Error 2170 in Cross Domain Policy deployed in Enterprise Portal

    Hi All,
    We are facing an Error # 2170 for the Cross Domain Policy in Enterprise Portal.
    We developed the dashboard using 2 web service connections (using ECC Remote Enabled Function Module). The web services were made public so that they can be accessed from any network. We developed the dashboard using the public enabled web services and exported it to the SWF file, which is working fine.
    But when we place the dashboard SWF file in the Enterprise Portal it gives the error "Cross Domain Policy Error #2170".
    We placed the cross domain policy file in the ECC server in the root directory and placed the same in the Enterprise Portal C drive.
    But still it shows the same error when we preview the dashboard in Enterprise Portal.
    The Cross Domain Policy File that we are using is as follows:
    <cross-domain-policy>
        <site-control permitted-cross-domain-policies="all"/>
        <allow-access-from secure="false" to-ports="" domain=""/>
        <allow-http-request-headers-from secure="false" domain="" headers=""/>
        <allow-https-request-headers-from secure="false" domain="" headers=""/>
    </cross-domain-policy>
    Please let us know if the cross domain file is correctly coded and suggest suitable solutions for this problem. Also let us know if there is some alternative solution to this issue.
    Thanks,
    Malla Reddy D

    Hello Malla,
    Maybe SAP Note 1240810 helps... Anyway, I would say that if your issue is with the direct SAP NW BI connection, through BICS, the only file which is relevant is bicsremotecrossdomain.xml, which should be located on your server HTTP root.
    Another check you can perform is if you have both portal certificate entries as per SAP Note 1508663.
    Kind Regards,
    Marcio

  • Cross domain error while displaying .SWF files in  portal

    Hi Experts,
    I am working on EP.
    I am trying to display a .swf file in an iView, but that file is giving an error:
    Add a cross domain policy file to the external data web server
    This swf file is retrieving data from the BI system.
    Please suggest!
    I got a solution of putting a crossdomain.xml file in the root directory, but that's not possible.

    I think two urls will work for you:
    Xcelsius SWF with QaaWS through SSL: Cannot access external data
    http://livedocs.adobe.com/flex/3/html/help.html?content=security2_04.html

  • Cross Domain error for Silverlight + MVC application with self hosted WCF service on azure

    Hi,
    We are migrating existing Silverlight application to MVC; existing Silverlight application is hosted on
    Azure which is consuming self-hosted WCF service. For authentication we have implemented
    ADFS with WIF (passive). The cloud service (<myWebSite>.cloudapp.net) is C Name to (<myWebSite>.<myDomain>.com) and we 
    are consuming  WCF service at <myWebSite>.cloudapp.net/<myService>.svc, as we were getting “Cross Domain” error so we have added “clientaccesspolicy.xml” at the root of “WEB ROLE”.
    Existing Silverlight application works fine but the problem occurred when we deploy our migrated application to the same cloud service. We are getting a “Cross Domain” error.
    The same migrated application works fine on UAT environment, the only difference is UAT environment is
    without ADFS WIF implementation.
    Migrated application is half Silverlight and half MVC with initial landing page is Silverlight. MVC web role is used to host the service i.e. .SVC . To go to SL landing page , redirected from home controller. Following is being observed in fiddler for this
    application
    Existing Silverlight application -
    1. After authentication with ADFS it redirect to Silverlight landing page.
    2. Before calling service method it looks for “clientaccesspolicy.xml”
    3. In response header we are getting the content of “clientaccesspolicy.xml”
    4. And after this everything works fine
    Migrated Silverlight-MVC application –
    1. After authentication with ADFS it redirects to “HomeController” and from there we are redirecting to Silverlight landing page.
    2. Before calling service method it looks for “clientaccesspolicy.xml”
    3. In response header we are getting following content - “https://federation-sts.<myDomain>.com/adfs/ls/?wa=wsignin1.0&wtrealm=https%3a%2f%2f<myWebSite>.<myDomain>.com&wctx=rm%3d0%26id%3dpassive%26ru%3d%252fclientaccesspolicy.xml&wct=2014-03-17T10%3a36%3a04Z”
    4. Throw “Cross Domain” error.
    Also we have added filter in RouteConfig for .xml file
    routes.IgnoreRoute("{*allxml}", new { allxml = @".*\.xml(/.*)?" });
    NOTE: There is no configuration change apart from MVC configuration.
    We have done RDP to web role and found that “clientaccesspolicy.xml” is present at “E:\approot” location and it is also accessible at “https://<myWebSite>.<myDomain>.com/clientaccesspolicy.xml”.
    Please help
    Thanks,
    Rahul P

    Hi,
    Please try to configure the cross domain policy file to allow public read access (that is, access it without federation requirement), make sure you can access the address http://something/clientaccesspiolicy.xml directly in a browser without redirecting to check whether the cross domain policy file could be anonymous accessed (Please start a new browser session and make sure you're not logged in. Then test the cross domain policy file.).
    Best Regards,
    Ming Xu

  • Cross Domain Data Source Error in SSRS 2008

    We have our data warehouse server on a different Windows domain (Domain ABC) to the domain where our end user tools such as SSRS and SSAS sit (DOMAIN 123). Historically we've used SQL Server mixed mode authentication to get around any cross domain authentication issues, but to tighten up security we are trying to switch to Windows only. However, I'm unable to get my development instance of SSRS to connect to a data source using credentials from a different domain.
    I created a copy of the live data source with the same settings except for the credentials. Here I selected Windows credentials (without impersonation ticked) and put in the username with the format DOMAINABC\DomainAccount with a domain account from the same domain as our DWH server. However, none of the reports I tested can connect, and they throw the error below. Please can anyone give me some pointers on things to check? My google research has drawn a blank so far!
    An error occurred during client rendering.
    An error has occurred during report processing.
    Cannot impersonate user for data source 'DWH'.
    Log on failed.
    Logon failure: unknown user name or bad password. (Exception from HRESULT: 0x8007052E) 

    From your initial post, it sounded like you wanted to log in to the data source with a remote domain user (123 in your example). Glad to see that's not the case!
    When you tested the credentials with SSMS were you on the remote domain?
    It looks to me like the impersonation is implicit: https://msdn.microsoft.com/en-us/library/ms160330.aspx
    There are a couple of notes at the top of that page about remote access being enabled, and the ports that should be open too.
    There's a bunch of potentially useful information about what your connection string should look like here too:
    https://msdn.microsoft.com/en-us/library/ms156450.aspx

  • Safari cross domain error

    I tried to access a web site via Safari that I previously was able to access; however, now I get the following message: "Cross Domain Error: Cross domain is not supported by this browser." Is there a plug-in or something else that would allow me to access the site?


  • I am calling an xml , that come from rtmp server and i want to play a video . when i pause it show an error of cross domain. what i can i do?

    I am calling an xml , that come from rtmp server and i want to play a video . when i pause it show an error of cross domain. what i can i do?

    Please quote the exact error message, word-for-word, verbatim.
    What is your operating system?
    What version of Lightroom?
