Using window.top.location for share dialog link from canvas app - xss

I'm trying to use window.top.location as the link property when sharing content from an application using the JS SDK. This is an iframe canvas app.
When I send in window.top.location I get the following error:
Error: Permission denied to access property 'toJSON' Source File:
http://connect.facebook.net/en_US/all.js Line: 9
I also tried to pass in the href property of window.top.location but I get a similar error in my own code:
Error: Permission denied to access property 'herf' Source File:
http://localhost:2888/Scripts/quickView.js Line: 65
I'm assuming this is a XSS issue, but I was wondering if there was a way around it. I could always pass the canvas page url to the client from the server, but I would like to see if we can get this working instead.
Appreciate your thoughts on this.

A little late on the follow up, but Shawn eluded to the correct answer. The issue is only present when running the application locally. In a hosted environment I can access this property without issue.

Related

sitecore Access denied error

I am using Sitecore 7.2 and have created many content items, everything is working fine except items in an "admin" folder.
When I try to access Blog admin from admin folder, I get noaccess error, I have checked permissions and they look fine. The following string is added to the URL and redirect to the my 404 page.
?item=%2f**noaccess**&user=extranet%5cAnonymous&site=website
I have inherited this project from a different developer, so I am trying to figure out if any config can disable the access or not.
I have also tried removing all renderings but still getting same error.
Items are published properly and I have checked them in Sitecore web database.
Where should I look to find out the problem?

Open link using system browser using InAppBrowser

I am using Ionic 2 and want to open a PDF file from a remote server using the device's default browser. I have a couple of problems:
First, I am unable to run this on the browser. I get this error:
Native: InAppBrowser is not installed or you are running on a browser. Falling back to window.open.
The ionic docs seem to indicate support for all devices and browsers. Am I doing something wrong or the docs are wrong?
Secondly, when I run the app, the PDF file does not open in the system's default browser but within the app. I am using Ionic View to do the testing. Here is my code:
import { InAppBrowser } from '#ionic-native/in-app-browser';
constructor(public appGlobal: AppGlobal, private iab: InAppBrowser) {
const browser = this.iab.create('www.google.com', '_system');
browser.show();
Also, if I change the URL to my php script that generates and returns a PDF file, it does not work at all.
To use the device's default browser, you don't need to use the IAB. You just need to open a new window with _system. Your device will do the rest.
window.open(url, '_system');
You can also do what you're doing if you want to keep the IPB, just omit the open function.
Adding the _system target means you don't need to do this anymore as it crashes the app.
uninstall inappbrowser plugin and simply try this:
window.open(pdf_url, '_system', 'location=yes');
When you use _system browser, it's not necessary use browser.show()
this.iab.create('www.google.com, '_system');

Can't get access to configuration.php Joomla 2.5

Got a site to make some changes. Unfortunately I can't get an access to www/root/configuration.php . Suppose the file was blocked by another user who had admin rights. Am I right?
I'm not clear exactly what you mean by 'can't get access' to the configuration file. Maybe it's permission related or maybe the site was customised and the configuration file is in a non-standard location.
Either way there are a couple of options you could try.
I presume you have access to the backend of the site and so you could make most changes from there via Site > Global Configuration.
You can also view almost all the details of the config file from Site > Sytem Information > Configuration File
If neither of these suggestions solved your problem, maybe you could instal a file management component like http://extensions.joomla.org/extension/extplorer and acces the config file that way.
Good luck!

Run fuel php app in AWS EC2 instance

I have a fuel php application created by one of my friend.Now I want to run it on aws EC2 instance(ubuntu).I can run the application using apache2 and its index page is loading.After facebook connect from index page it is supposed to show my fb friends list. But it is showing a 404 error POST http://ec2xxxxcompute.amazonaws.com/ajax/auth/facebook not found
I can see a get_facebook() method inside controller(/ajax/auth.php).But it is not catching the method.My top level understanding is i need some url mapping in server level.
Can anyone help me to run the app.Any suggestion will be highly appreciated as a biginner
Are any other URL's loading, or only the index page? If that is the case, it might be a rewriting issue.
Is the default .htaccess file still included in the /public folder? Or did your friend change it?
You may not actually be calling your php code at all. Don't you need something like :
http://ec2xxxxcompute.amazonaws.com/ajax/auth.php/facebook

Can't Open Web forms for marketers Form Designer or Security Manager

I have had WFFM running on a Sitecore instance for a while, but it has recently stopped working. When I go to "Form Designer" on an existing form, I get the standard Sitecore "The requested document was not found" page.
Requested URL: /applications/modules/web
User Name: sitecore\admin
Site Name: shell
If the page you are trying to display exists, please check that an
appropriate prefix has been added to the IgnoreUrlPrefixes setting in
the web.config.
Note that the requested URL is stated as /applications/modules/web instead of /applications/modules/web forms for marketers.
A lot of development has occurred on this site recently, so I'm not sure when exactly this started happening.
Additional: info:
Folder and file permissions are correct.
I've tried reinstalling the WFFM package, and made sure that all the files are in place.
Several processors have been added to the HttpBeginRequest pipeline, but I removed them all to test if they were the cause - they weren't.
I haven't upgraded Sitecore since WFFM was working and the version is correct.
No errors are logged
EDIT
This also seems to be affecting the Sitecore Security Editor:
Requested URL: /appl
User Name: sitecore\admin
Site Name: shell
If the page you are trying to display exists, please check that an
appropriate prefix has been added to the IgnoreUrlPrefixes setting in
the web.config.
EDIT 2
Further investigation with this is making me think it is related to the Requested URL. I originally thought the the "Not found" page was displaying the requested url incorrectly. However, if I attempt to goto mysite.com/sitecore/shell/applications/fake folder with spaces/fake page with spaces I get this error message:
Requested URL: /applications/fake folder with spaces/fake page with
spaces
User Name: sitecore\admin
Site Name: shell
If the page you are trying to display exists, please check that an
appropriate prefix has been added to the IgnoreUrlPrefixes setting in
the web.config.
As you can see the Requested Url is correct in the error message. So in relation to my problem, I think maybe Sitecore is requesting the wrong URL in the first place.
Additionally if I go to the go the following url by typing directly into the browser, then the Security Editor opens as expected:
mysite.com/sitecore/shell/Applications/Security/User-Editor
This is quite old now but I thought I'd provide an update for anyone else who encounters the problem.
Unfortunately, Sitecore support weren't able to help beyond pointing out that setting the addAspxExtension attribute to 'true' in the link provider seemed to solve the problem. This may have been acceptable except that extensionless URLs were important to the customer.
In the end I had to amend my link provider so that addAspxExtension is set to 'true' in the web config, and then I set it to false inside the GetItemUrl method for specified sites only.
So now whenever the context site is 'Shell' or 'Admin' etc, the extensions are added by default, but switched off in my main website.
Of course, this is a work around. I still don't know how to actually fix the problem
So the first thing that I am going to tell you is that I suspect that there is something wrong with your site declaration for Sitecore Modules. In your web.config, there's a site declaration for "modules_shell" and "modules_website". Those are where the code files that run the modules are usually located... a shell folder to run the parts that run in the Sitecore shell and a web folder to run the part that is accessed by the externally facing site. Please check your site declarations (and the form.config file) to make sure that you're not in live mode or something like that. I would definitely say that this is where you should start looking.
The next thing is to say that your comments about Sitecore not serving a url in the /sitecore/shell directory is really not surprising. Sitecore processes all requests unless you specifically tell it to ignore requests (like setting it in the IgnoreUrlPrefixes in web.config), it's going to try processing it. Like going to /sitecore/shell/applications gives me a layout error because it doesn't have anything set to handle that request. Now your error suggests that there is something wrong with Site declarations.. however, even if they were all right, it still wouldn't work.