Closed Bug 222779 Opened 21 years ago Closed 17 years ago

frames and You are not authorized to access ... not remembering user login either

Categories

(Bugzilla :: Bugzilla-General, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: jpyeron, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Build Identifier: ie 6.0

I have sever bz links in my javadoc (which use frames)

on my local disk (c:\projects...) I load up the html, click a bz link it burps 
that I am required to login (we have groups enabled, more if needed)

so I login, then it drops me on the query page

???? so i put the bug number in 

back to start ...

but if I choose open link in new window (my login is still remembered) the bug 
shows up.



Reproducible: Always

Steps to Reproduce:
Bugzilla doesn't really have a way to know if it's inside a frame or not.  That
sounds like a bug in your browser if it's not delivering an existing cookie to a
page opened inside a frame...
(yes I assumed that, I guess I should of explicitly stated it)

but it is an issue all the same. 

is it worth looking into how IE delivers cookies from inside frames?

Yeah, if we can find a way to work around it, there's no reason not to.  Or at
least document what needs to happen if it's something the user has to change on
their end.

I have a feeling it's probably related to security settings...   Mozilla
prevents javascript from accessing the contents or properties of a subframe that
has loaded a document from a different hostname than the one the parent frame
loaded from.  Perhaps IE doesn't have that restriction, and thus prevents
sending cookies as an alternate way to stop the parent javascript from accessing
cookies from another site.
some googling...

http://support.microsoft.com/support/kb/articles/Q182/5/69.ASP


http://216.239.41.104/search?
q=cache:rIN3lFNTwrsJ:pub80.ezboard.com/fcafepressstoreownersforumfrm24.showMessa
ge%3FtopicID%3D5.topic+IE+cookies+frames&hl=en&lr=lang_en&ie=UTF-8

http://pub80.ezboard.com/fcafepressstoreownersforumfrm24.showMessage?
topicID=5.topic
We put a bugzilla 2.16.5 link into a frame and when people do anything they have
to login again.  Take it out of the frame and it works fine.  The two people
reporting this are on MSIE.  I'm on Mozilla and I haven't see it yet.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q283185
http://www.w3.org/P3P/
http://p3ptoolbox.org/guide/
http://www.w3.org/TR/p3pdeployment


in short, if the domain does not match, or esp if the frames are c:\whatever
and bz is bz.domain.com you need to add bz.domain.com to your less 
secure/trusted sites in IE.
Reassigning bugs that I'm not actively working on to the default component owner
in order to try to make some sanity out of my personal buglist.  This doesn't
mean the bug isn't being dealt with, just that I'm not the one doing it.  If you
are dealing with this bug, please assign it to yourself.
Assignee: justdave → general
QA Contact: mattyt-bugzilla → default-qa
I alway like to bugzilla as target="_top", which removes the frames, how about 
a refresh link, to do the same on the error message based on the refer header?
(In reply to comment #3)
> I have a feeling it's probably related to security settings...   Mozilla
> prevents javascript from accessing the contents or properties of a subframe that
> has loaded a document from a different hostname than the one the parent frame
> loaded from.

Yes, correct. And I think that's a good reason to not try to work around this.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.