Open Bug 314787 Opened 19 years ago Updated 2 years ago

Loading a page in a frameset from a popup fails if done by a different server: NS_ERROR_DOM_PROP_ACCESS_DENIED

Categories

(Firefox :: General, defect)

defect

Tracking

()

People

(Reporter: aurelien.degeorges, Unassigned)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; fr-FR; rv:1.7.12) Gecko/20050919 Firefox/1.0.7

I have a frameset composed in 2 frames located both on host1.domain.com.
A link in one of the frames opens a popup containing a page located on host2.domain.com.
This page contains a link which aims at loading another page from host1.domain.com in the source frame.
By clicking on this link, nothing loads in the source frame and an error occurs in the javascript console:
Erreur : uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "http://host2.domain.com/popupex.html Line: 12"]

Reproducible: Always

Steps to Reproduce:
Please use files submitted in attachment.
1.Assuming you have a webserver running on IP Address <IP>, modify your hosts file as follows:
<IP>     host1.domain.com     host2.domain.com
2.Put the attached files in the root directory of your webserver
3.Browse to http://host1.domain.com/first.html
4.In the right frame, click on "Link to popup"
5.In the newly opened popup, click on "LeftNavBar"

Actual Results:  
Nothing happens in the frameset and an error occurs in the javascript console:
Erreur : uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "http://host2.domain.com/popupex.html Line: 12"]

Expected Results:  
The page nav.html from host1.domain.com should have loaded in the right frame of the original window and no error should occur.

This was reproduced with firefox-1.6a1.en-US.win32.installer.exe nightly build from 11/01/2005.

This problem doesn't happen any longer if the original link (the one which opens the popup) isn't included in a frameset: browse directly to http://host1.domain.com/main.html and follows step 4 and 5, it works
This problem doesnt't happen any longer if all files are located on host1.domain.com: edit main.html and replace host2.domain.com with host1.domain.com, then follow steps 1 to 5.
I confirm the uncaught exception, independently of whether the testcase is valid or not.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Hardware: PC → All
I saw this error in my console when using today's minefield build, Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a8pre) Gecko/200708080404 Minefield/3.0a8pre. I hit it when visiting espn.go.com. I haven't seen this particular error previously in the console during my trunk testing.
I get this errror immediately in the console when I am testing espn.go.com. I am using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.9a9pre) Gecko/2007092504 Minefield/3.0a9pre.
Version: unspecified → Trunk
can we get this fixed in trunk?

STR: go to http://espn.go.com/, and open error console.

Error: uncaught exception: unknown (can't convert to string)

Error: uncaught exception: [Exception... "Access to property denied"  code: "1010" nsresult: "0x805303f2 (NS_ERROR_DOM_PROP_ACCESS_DENIED)"  location: "<unknown>"]

Reproduced on: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9b1) Gecko/2007110903 Firefox/3.0b1
Flags: blocking-firefox3?
This bug may or may not be the same as the error on ESPN.  I actually think this is invalid (if you could do this, it would be considered a same-origin hole, since host2 could replace host1's frame content, which could be very bad indeed).

This error message basically means "the site tried to violate the security model of the browser" so unless we have a testcase that should work under same-origin there isn't a valid bug to be found...
Flags: blocking-firefox3? → blocking-firefox3-
Is there any known fix for this? This bug is clearly demonstrated at this URL: http://crypto.stanford.edu/~abarth/research/nav-pointer/frame1.html
And also reported at https://bugzilla.mozilla.org/show_bug.cgi?id=418559

Please let me know if anyone got the fix for this.

Thanks in advance
Vivek Pohre
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.