Problem passing parameters via Iframe in IE

Question

Hi,

I'm trying to execute an HTTP GET from my website to another website that is brought in via iframe.

On Firefox, you can see in the source that the correct url is in the iframe src along with it's correct parameters-- and it works.

On IE, you can see in the source that the correct url is in the iframe src along with it's correct parameters-- and it doesn't work...

Is there something about IE that doesn't let you pass parameters through an iframe in the querystring?

I've tried refreshing the iframe in IE, I've tried refreshing my page & the iframe in IE, and I've tried copying the url and re-pasting it into the iframe src (forcing it to refresh as if I just entered it into the address bar for that iframe window). Still no luck!

Anyone know why this is happening, or have any suggestions to try to get around this?

Edit: I cannot give a link to this because the site requires a password and login credentials to both our site and our vendor's site. Even though I could make a test account on our site, it would not do any good for the testing process because I cannot do the same for the vendor site. As for the code, all it's doing is creating the src from the backend code on page load and setting the src attribute from the back end...

//Backend code to set src
mainIframe.Attributes["src"] = srcWeJustCreated;

//Front end iframe code
<iframe id="mainIframe" runat="server" />

---

Edit: Problem was never solved. Answer auto accepted because the bounty expired. I will re-ask this question with more info and a link to the page when our site is closer to going live.

---

Thanks,
Matt

Answer 1

By the default security settings in IE query parameters are blocked in Iframes. On the security tab under internet options set your security level to low. If this fixes your problem then you know that is your issue. If the site is for external customers then expecting them to turn down their security settings is probably unreasonable, so you may have to find a work around.

Answer 2

Try using an indirect method. Create a FORM. Set its action parameter to the base url you want to navigate. Set its method to POST. Set its target to your iframe and then create the necessary parameters as hidden inputs. Finally, submit the form. It should work since it works with POST.

Answer 3

Based on Mike's answer, the easiest solution in your case would be to use "parameter hiding" to convert all GET parameters into a single URL.

The most scalable way would be for each 'folder' in the URL to consist of the parameter, then a comma, then the value. For example you would use these URLs in your app:

http://example.com/app/param,value/otherparam,othervalue http://example.com/app/param,value/thirdparam,value3

Which would be the equivalent of these:

http://example.com/app?param=value&otherparam=othervalue http://example.com/app?param=value&thirdparam=value3

This is pretty easy on Apache with .htaccess, but it looks like you're using IIS so I'll leave it up to you to research the exact implementation.

EDIT: just came back to this and realised it wouldn't be possible for you to implement the above on a different domain if you don't own it :p However, you can do it server-side like this:

• Set up the above parameter-hiding on your own server as a special script (might not be necessary if IE doesn't mind GET from the same server).
• In Javascript, build the static-looking URL from the various parameters.
• Have the script on your server use the parameters and read the external URL and output it, i.e. get the content server-side. This question may help you with that.

So your iframe URL would be:

http://yoursite.com/app/param,value/otherparam,othervalue

And that page would read and display the URL:

http://externalsite.com/app?param=value&otherparam=othervalue

Answer 4

Let's say your site is www.acme.com and the iframe source is at www.myvendor.com.

IIRC, most domain-level security settings don't care about the hostname, so add a DNS CNAME to your zone file for myvendor.acme.com, pointed back to www.myvendor.com. Then, in your IFRAME, set the source using your hostname alias.

Another solution might be to have your Javascript set the src to a redirector script on your own server (and, thus, within your domain). Your script would then simply redirect the IFRAME to the "correct" URL with the same parameters.

Answer 5

If it suits you, you can communicate between sites with fragment identifiers. You can find an article here: http://tagneto.blogspot.com/2006/06/cross-domain-frame-communication-with.html

Answer 6

What BYK said. I think what's happening is you are GETting a URL that is too large for IE to handle. I notice you are trying to send variable named src, which is probably very long, over 4k. I ran into this problem before, and this was my code. Notice the comment about IE. Also notice it causes a problem with Firefox then, which is addressed in another comment.

var autoSaveFrame = window.frames['autosave'];
// try to create a temp form object to submit via post, as sending the browser to a very very long URL causes problems for the server and in IE with GET requests.
var host = document.location.host;
var protocol = document.location.protocol;
// Create a form
var f = autoSaveFrame.document.createElement("form");
// Add it to the document body
autoSaveFrame.document.body.appendChild(f);
// Add action and method attributes
f.action = protocol + '//' + host + "/autosave.php"; // firefox requires a COMPLETE url for some reason! Less a cryptic error results!
f.method = "POST"
var postInput = autoSaveFrame.document.createElement('input');
postInput.type = 'text'
postInput.name = 'post'; 
postInput.value = post;
f.appendChild(postInput);
//alert(f.elements['post'].value.length);
// Call the form's submit method
f.submit();