Issue with passing querystring parameters via Http Get to an iframe in IE

Question

Hi,

This is a follow up to my previous question: Problem passing parameters via Iframe in IE. Which was never solved.

---

Here's the core of it:

I'm trying to execute an HTTP GET from my website to another website that is brought in via iframe.

On Firefox, you can see in the source that the correct url is in the iframe src along with it's correct parameters-- and it works.

On IE, you can see in the source that the correct url is in the iframe src along with it's correct parameters-- and it doesn't work...

Is there something about IE that doesn't let you pass parameters through an iframe in the querystring?

I've tried refreshing the iframe in IE, I've tried refreshing my page & the iframe in IE, and I've tried copying the url and re-pasting it into the iframe src (forcing it to refresh as if I just entered it into the address bar for that iframe window). Still no luck!

Anyone know why this is happening, or have any suggestions to try to get around this?

As for the code, all it's doing is creating the src from the backend code on page load and setting the src attribute from the back end...

//Backend code to set src
mainIframe.Attributes["src"] = srcWeJustCreated;

//Front end iframe code
<iframe id="mainIframe" runat="server" />

---

I've made a temporary account for you to login and see exactly what I mean. That way you can use firebug or any of your other debugging techniques to figure out why this isn't working rather than having me try to explain what's going on.

EDIT: Changed the account credentials. Please use this one instead
Username: matt
Password: globalbuying

Please follow this link to get to the login page. One you login with the above credentials it will take you to the main backend page. Click the image on the left that says "Vacations", that will take to you a page with the iframe and will execute the Http Get from there.

If you need more details on what's going on in the behind code, etc., let me know and I'll post them.

Thanks,
Matt

Answer 1

The example page you provided is working for me in IE8. The iframe is not as tall as in chrome, but it does have the correct page in it.

As an aside, please note that passing logon credentials via the query string is extremely unsecure and open to various exploits.

Answer 2

It seems that the ampersands in the iframe's URL are HTML-encoded (&). I think that might cause IE to choke on identifying the param names. Does the problem still occur if you use plain ampersands in the URL?

If the encoding on the src attribute is happening implicitly, you might want to consider using a Literal control for testing purposes and set its Text property to the entire iframe tag to avoid any unwanted encoding.

Answer 3

After working my way through the HTTP requests with Fiddler2, comparing different browsers, I found that IE makes the request just fine, but fails to set any cookies in the iframe.

I also noticed that if I open that framed page by itself it does work. Even more so, after logging out again there, the iframed version works too. That's because it then already has a session cookie and the iframe no longer needs to set it.

It turns out that this is a known security restriction: IE blocks cookies in iframes. But this can be overcome with the use of the Platform for Privacy Preferences (P3P).

Here are a few links that should help you fix the problem. Starting off with another (answered) question on StackOverflow:

• Cookie blocked/not saved in IFRAME in Internet Explorer
• Privacy in Internet Explorer 6
• IE Blocking iFrame Cookies

Answer 4

Does anyone know of a way of addressing this issue when you don't have access to change the 3rd party web pages which you're pulling into the iframe?