Clever Geek Handbook

Problem with passing querystring parameters over Http. Get in iframe in IE

It depends on my previous question: The problem of passing parameters through an iframe in IE . This has never been resolved.

Here's the kernel:

I am trying to perform an HTTP GET from my site to another website using an iframe.

In Firefox you can see in the source that the correct url is in the iframe src along with the correct parameters - and it works.

In IE, you can see in the source that the correct url in the iframe src along with that the correct parameters - and it doesn't work ...

Is there something in IE that prevents you from passing parameters via an iframe to a querystring?

I tried to refresh the iframe in IE, I tried to refresh my page and amp; the iframe in IE and I've tried copying the url and re-embedding it in the iframe src (force the update as if I had just entered it in the address bar for this iframe window). No luck yet!

Does anyone know why this is happening, or are there any suggestions to try around this?

As for the code, all it does is create a src from the backend code in the load page and set the src attribute from the back end ...

//Backend code to set src
mainIframe.Attributes["src"] = srcWeJustCreated;

//Front end iframe code
<iframe id="mainIframe" runat="server" />

I made a temporary login account and see what I mean. This way, you can use firebug or any other debugging techniques to understand why it doesn't work, rather than trying to explain what's going on.

EDIT: Account credentials changed. Use instead
Username: matt
Password: globalbuying

Follow this link to go to the login page. When you log in with the above credentials, you will be taken to the home page. Click on the picture on the left that says "Vacation" which will take you a page with an iframe and execute an Http Get from there.

If you need more information about what's going on in the code outside, etc., let me know and I'll post them.

Thanks,
Matt

+2


source to share


3 answers


After working with HTTP requests with Fiddler2 , comparing different browsers, I found that IE makes the request just fine, but fails to set cookies to iframe

.

I also noticed that if I open this framed page on my own it works. Moreover, after logging out, the iframed version also works there. This is because it already has a session cookie in it and iframe

no longer needs to set it.

It turns out that this is a known security limitation: IE blocks cookies in an iframe. But this can be overcome by using Platform for Privacy (P3P) .



Here are some links to help you fix the problem. Starting from another (answered) question on StackOverflow:

+12


source


The example page you provided works for me in IE8. The iframe is not as tall as chrome, but it has the correct page in it.



Please note that passing login credentials via a query string is highly insecure and open to various exploits.

0


source


It seems that the ampersands in the iframe url are HTML encoded ( &amp;

). I think this might make IE choke on identifying parameter names. Does the problem occur if you use simple urls in urls?

If the encoding of the src attribute is implicit, you may need to use the control Literal

for testing purposes and set its property Text

on the entire iframe tag to avoid unwanted encoding.

0


source






More articles:


All Articles