Trying to use a cpip with javascript
Thu, 2008-07-10 17:45 — danderson
I'm not a programmer - which probably sums up why I'm having a problem.
Has anyone tried to open a cpip link using javascript to open a new window?
The cpip works when I use html target="new", but when I use:
window.open(url,"eventInfo","width=400,height=400,toolbar=no,status=no,resizeable=no,scrollbars=yes");
to open the link, the authentication fails.
What am I doing wrong?
Thanks,
denise
- danderson's blog
- Login or register to post comments
Hack Your Knowledge
Recent blog posts
- LDI Queue Monitoring Script
- U of S Single Sign-on SSO Monitoring Script
- Lum IV - Perf problems and Paralled Deployment
- WebCT custom SSO Icon
- Examples using our AjaxRequests channel
- User-defined role and event trigger 101
- Silly question about lumdev itself
- See the XML nested-tables.xsl is processing
- Need Luminus version 3 or 4 for Installation
- Guest Login to IV?
Developer Links
Poll
What is your estimated peak concurrent usage (sessions) on Luminis at your institution?
More than 2500
13%
Between 2000-2499
0%
Between 1500-1999
0%
Between 1200-1499
0%
Between 900-1199
13%
Between 500-899
13%
Fewer than 500
63%
Total votes: 8
- Login or register to post comments
- Older polls
Syndicate
Comments
dispatch.policy.host
Part of luminis' XSS protection is to check the "referer url" of incoming requests. Normal links pass this on, but some browsers don't when you use the window.open function. For instance, I bet if you tried your javascript in Firefox, it would work, but in IE it doesn't.
I haven't had a chance to try this, but from what I understand, you can "white list" urls that don't need their referer url checked. The configman settings to change this are under dispatch.policy.host.*
You can find more info on this in the 4.1 admin guide on page 10-11. There is also a reference to it on this post: http://www.lumdev.net/node/426?page=1#ggviewer-offsite-nav-3945488
Update
Thanks Mike for the response. A few things I noted:
1. Browser was irrelevant. It did not work in any browser.
2. Using Firefox Live HTTP Headers, I was able to view the referrer url for the cpip that worked (using html) and the one that didn't (using javascript) -- both were exactly the same.
3. I proceeded to add a new referer entry to dispatch.policy.host per the docs and increase the referer.count. When that did not work, I tried adding a new unEnforcedURI to no avail.
4. Finally in desperation, I went into nested tables, copied and tweaked the javascript SCT uses to open calendar and put that in my channel -- that WORKED!
As far as I can tell, the change that may have made the difference was in rewriting the function to define the url instead of passing it.
Thanks again for putting me on the track towards better understanding the problem and finding a solution.
Denise
Denise Anderson
Portal Administrator
Wright State University