发表新帖
发表新帖

How to overcome this security issue

后端 未结
关注
7 1700
傲寒
傲寒 2020-12-28 15:05

I have implemented an ajax-polling script that calls an action in the server Controller every 10 seconds. With the response, I replace the content of a div:

相关标签:
7条回答
  • 渐次进展
    2020-12-28 15:45

    You should never see that dialog on an Internet-Zone page. By default, this operation is silently and automatically blocked in the Internet Zone.

    There are two root causes for that dialog to appear in the Intranet zone:

    1> Attempting to do a cross-origin request using the XMLHTTPRequest object (http://blogs.msdn.com/b/ieinternals/archive/2011/04/22/ie-security-prompt-page-accessing-cross-domain-information-not-under-its-control.aspx)

    2> Attempting to navigate an OBJECT Tag hosting HTML to a cross origin page.

    You can avoid case #1 by using XDomainRequest instead of XMLHTTPRequest. You can avoid case #2 by using an IFRAME instead of an OBJECT tag.

    0 讨论(0)
  • 一个人的身影
    2020-12-28 15:45

    Have you tried using protocol-relative hyperlinks (//something.com/image.png)? See this link or this one.

    0 讨论(0)
  • 耶瑟儿~
    2020-12-28 15:49

    There's two things about your code :

    Why do you use a POST ajax request ? why not GET ? Your request looks like a GET request (you want to get some data), so the GET method is probably a better choice.

    It's not linked to your problem, but you should not use setTimeout with a string to eval. You should give setTimeout a variable as the first argument, and this variable should be the function you want to execute.

    function getFoo() {
    var link = '/Secure/GetFoo';

    $.get(link, function (response) {
        $('#FooSection').replaceWith(response);
    });

    window.setTimeout(getFoo, 10000);
}
    0 讨论(0)
  • 礼貌的吻别
    2020-12-28 15:49

    Did you try using absolute url?

    var link = 'https://www.yourdomain.com/Secure/GetFoo';

    0 讨论(0)
  • 眼角桃花
    2020-12-28 15:53

    I ran into a similar problem the other day, being unable to find out why IE would complain after an AJAX request.

    I used Firebug's net console and just went through the requests one by one till i found one that was http:// instead of https://, i suggest you do the same - It'll be allmost impossible for us to debug this without seeing the page, but it could be something as little as a background image not being loaded via https.

    Note: I did notice you saying it was IE, but a problem like this would probably not be browser-specific, Firefox/Chrome just doesn't make the same fuss about there being non https elements as IE does.

    0 讨论(0)
  • 悲哀的现实
    2020-12-28 15:55

    I've seen this happen before because the new content being inserted via the ajax call had links to none secure image assets, any chance this is the problem you are seeing?

    0 讨论(0)
 看不清?
提交回复
热议问题