tags:

views:

508

answers:

2
Q: 

Security error in cross domain iframe

Hi All,

I have a click tracker for a client. The tracker is nothing but a javascript snippet which writes an iframe(a different domain) into the page.

If I have a normal iframe I am able to track clicks more accuratley(I compare the data from another tracking solution) than when the iframe is secure(the site is accessed over ssl).

While trying to debug the issue, I came across a scenario, where the iframe had a security error. It said something to the extent that the Secure Certificate was not Valid.

The problem now is, I could see this error only once, after which I could not reproduce it. Is there any way I can replicate the error? Is there any way I can figure out why I am tracking less clicks if the iframe is secured?

Technology Stack:
dotNet framework 3.5
OS: Win 2003 server
Web server: IIS 6.0
SSL Certificate Issuer: Go Daddy.

+1  A: 

iframes should be sharing the same domain for example foo.com and subdomain.foo.com is not the same SSL wise.

cartman  2009-05-09 20:05:11
yes, I understand that. In this case we are placing the snippet from a different domain. So this situation does not arise.
rAm  2009-05-10 05:19:47
If you are placing the snippet from another domain then you are already violating same-domain policy. Did you try including the snippet in the "same" domain ?
cartman  2009-05-10 09:28:56
I cannot do that, as I don't have any control over the domain. I can just place this snippet placed on the html page.
rAm  2009-05-11 07:04:09
+1  A: 

The range of permissible access for a page can be expanded when a script assigns the document.domain property to a suffix of the site name space, up to the second-level domain. For example, a page on www.microsoft.com can assign the document.domain property—initially www.microsoft.com—as microsoft.com to broaden access to include pages in home.microsoft.com or any other site, as long as the other pages also set the document.domain property to the identical value. About Cross-Frame Scripting and Security : MSDN

Andrew  2009-12-15 18:59:51

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?