Cross domain access permission denied in iframe

Question

Hi,

I am trying to embed OWA (microsoft exchange server 2010) in a web page within an iFrame but i get a javascript error on the OWA page saying Access Denied and then none of the controls within the OWA window work.

I have to use OWA in web page , i read in the form that cross domain not work properly.

Is there any other way by which i can use the owa in my page.

Error comes as: Client Information ------------------ User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 GTB7.1 (.NET CLR 3.5.30729) CPU Class: undefined Platform: Win32 System Language: undefined User Language: en-US CookieEnabled: true Exception Details ----------------- Date: Wed Oct 27 2010 10:17:05 GMT+0530 (India Standard Time) Message: Permission denied for <http://domain_2&gt; to get property HTMLIFrameElement.ownerDocument from <domain_1>. Url: http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js Line: 1 Call Stack ---------- undefinedError()@:0 window$onerror(&quot;Permission denied for <http://domain_2&gt; to get property HTMLIFrameElement.ownerDocument from <domain_1>.&quot;,&quot;http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js&amp;quot;,1)@http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js:1 (domain_1>.&quot;,&quot;http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js&amp;quot;,1%29@http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js:1) function Array$get_Length() { return this.length; } function Array$get_Item(index) { return this[index]; } function Array$get_Enumerator() { return new (Owa.Collections.ListEnumerator)(this); } function Array$remove(oItem) { var index = this.indexOf(oItem); if (index > -1) { this.splice(index, 1); } return index > -1; } function Array$removeAt(iIndex) { if (iIndex < this.length) { this.splice(iIndex, 1); return true; } return false; } function Array$add(oItem) { this.push(oItem); } function Array$clone() {

what i saw is that .. error comes when uglobal.js which comes with the exchange in the iframe trying to access property of parent .

Message: Permission denied for <http://domain_2&gt; to get property HTMLIFrameElement.ownerDocument from <domain_1>.

If anybody faces this problem earlier or know something give some feedback..

Thanks

Answer 1

If no JSONP solution exists, build a server side proxy.

Answer 2

That's the cross domain policy restricting you. It's designed to prevent cross site scripting (XSS) attacks.

Basically, only pages from the same domain, protocol and port can alter each other's content.

Answer 3

I faced similar issues when trying to make cross domain calls. For IE8 you can use the following approach

var xdr = new XDomainRequest();
xdr.open("get", "http://domain2");
xdr.onload = function(){
    //your code
};
xdr.send();

Additionally in IE only for testing purposes there is an option to add the specific address (domain1 in your case) to the trusted list Tools>Security>Trusted Sites>Sites and allow it to make cross domain requests by going to custom level and selecting Access data sources across domains. Please ensure the second is used only for testing.