Cross domain access permission denied in iframe

javascript html iframe outlook cross-domain

17,689

Solution 1

That's the cross domain policy restricting you. It's designed to prevent cross site scripting (XSS) attacks.

Basically, only pages from the same domain, protocol and port can alter each other's content.

Solution 2

I faced similar issues when trying to make cross domain calls. For IE8 you can use the following approach

var xdr = new XDomainRequest();
xdr.open("get", "http://domain2");
xdr.onload = function(){
    //your code
};
xdr.send();

Additionally in IE only for testing purposes there is an option to add the specific address (domain1 in your case) to the trusted list Tools>Security>Trusted Sites>Sites and allow it to make cross domain requests by going to custom level and selecting Access data sources across domains. Please ensure the second is used only for testing.

Solution 3

If no JSONP solution exists, build a server side proxy.

17,689

Author by

R_Dhorawat

Updated on June 04, 2022

Comments

R_Dhorawat almost 2 years
I am trying to embed OWA (Microsoft Exchange Server 2010) in a web page within an iframe but I get a JavaScript error on the OWA page saying Access Denied and then none of the controls within the OWA window work.

I have to use OWA in web page, I read in the form that cross domain does not work properly. Error comes as:
Client Information

User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 GTB7.1 (.NET CLR 3.5.30729)
CPU Class: undefined
Platform: Win32
System Language: undefined
User Language: en-US
CookieEnabled: true

Exception Details

Date: Wed Oct 27 2010 10:17:05 GMT+0530 (India Standard Time)
Message: Permission denied for <http://domain_2> to get property HTMLIFrameElement.ownerDocument from <domain_1>.
Url: http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js
Line: 1

Call Stack
```
undefinedError()@:0 window$onerror(&quot;Permission denied for <http://domain_2> to get property HTMLIFrameElement.ownerDocument from <domain_1>.&quot;,&quot;http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js&quot;,1)@http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js:1 (domain_1>.&quot;,&quot;http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js&quot;,1%29@http://domain_2/owa/[email protected]/14.0.639.21/scripts/premium/uglobal.js:1) function Array$get_Length() { return this.length; } function Array$get_Item(index) { return this[index]; } function Array$get_Enumerator() { return new (Owa.Collections.ListEnumerator)(this); } function Array$remove(oItem) { var index = this.indexOf(oItem); if (index > -1) { this.splice(index, 1); } return index > -1; } function Array$removeAt(iIndex) { if (iIndex < this.length) { this.splice(iIndex, 1); return true; } return false; } function Array$add(oItem) { this.push(oItem); } function Array$clone() {
```
What I saw is that the error comes when uglobal.js which comes with the Exchange in the iframe trying to access property of parent.

Message: Permission denied for <http://domain_2> to get property HTMLIFrameElement.ownerDocument from <domain_1>.

Is there any other way by which I can use OWA in my page?