views:

85

answers:

1

We have a .net based application hosted with SAP enterprise portal iframes. The domain of the SAP portal is al.xx.companyname.com. The domain of the .Net application server is ss.xx.companyname.com.

Now when I open the application through Enterprise portal, I get a 'Permission denied' JavaScript error. I enabled script debugging in IE and then attached visual studio debugger to the JavaScript error. I noticed the error is thrown from the following JavaScript code to set/ reset dirty flags.

if(top.EPCM!=null)

Understandably the issue is due to cross domain scripting. i.e. the application server of ss.xx.companyname.com is trying to access the browser component of enterprise portal of domain al.xx.companyname.com.

However this cross scripting is a trusted domain scripting and I want to somehow allow this cross scripting. I tried to set the primary DNS suffix of the application server. by following the below approach.

  1. Right click on My computer of application server. (Windows 2003 server, by the way)
  2. select properties - Computer Name
  3. Click Change button and in the next window click More button
  4. And under the'Primary DNS suffix of this computer' textbox, I entered the value - al.xx.companyname.com.

Now after the above settings, I assume the domains of both enterprise portal and application server will be taken as al.xx.companyname.com. However I am still getting the JavaScript permission denied error in the same JavaScript code mentioned above.

As suggested in the replies, I also implemented document.domain approach.

var requireddomain = 'al.xx.companyname.com';
var text = document.domain; //returns the domain as ss.xx.companyname.com

if (text != requireddomain) 
        {
            for (i=0; i < 2; i++)
            {
                dotposition = text.indexOf( "." );
                text = text.substr(dotposition +1);
            }
            document.domain = text;
         }

    if(top.EPCM!=null)

With the above code, the document.domain object is set as companyname.com which is common to both Enterprise portal and application server. However still the permission denied issue is thrown in the line >> if(top.EPCM!=null)

This issue is breaking my head for past 3 days. Can someone please help me with this? The objective is to allow cross domain scripting between application server and enterprise portal which is a trusted connection. Thanks.

Update:

Interesting & frustrating development. I have installed ssl certificates in my application server. And still the permission denied error is thrown.

  • Portal domain: al.xx.companyname.com
  • app domain: ss.xx.companyname.com

I was trying to set the document.domain property to 2 sublevels down, i.e to companyname.com.

But still the 'permission denied error' occurs.

I guess, the setting of document.domain will only work if the app domain is a subset of portal domain. i.e.

  • portal domain: al.xx.companyname.com
  • App domain: ss.al.xx.companyname.com.

In the above case, I can just reduce the app domain to one sublevel down (to al.xx.companyname.com). Then I guess, it would work.

However in my case the portal and app servers are 2 branched subdomains of the same companyname.com and hence cross scripting is still not allowed.

Any suggestions on how to proceed?

+1  A: 

The Same Origin Policy is probably so strict that it doesn't make exceptions even with trusted sites.

The cross-browser document.domain property should be able to solve this:

There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement:

document.domain = "company.com";

Pekka
Hi; i followed the document.domain approach which sets the domain as companyname.com. I have edited the code in the question. However the issue still persists. Can you check if I am doing something wrong?
vs1984
@vs1984 you need to set `document.domain` in each page and each frame. Is that the case?
Pekka
@Pekka - Yes. The above code is implemented in a common JavaScript file included in each page.
vs1984
@Pekka - Apparently I was wrong about the above statement. It is true that the document.domain object should be set as the same for each interacting frames. It was not the case in this issue.
vs1984
@vs ah! Does that mean that it works now?
Pekka
@pekka - yes. It works now. We could not alter the document.domain of the portal though (political reasons). We had set a DNS alias name to the app server to match the portal link. Then it worked. Thanks for pointing the right direction.
vs1984