Highlighted

CFwindow not working with secure URL

New Here ,
Sep 29, 2014

Copy link to clipboard

Copied

I use the code

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" center="true" resizable="false" draggable="false" source="login.htm"/>

and it is working fine.  The sign in window appears.  However, I want to change it to a secured URL by entering the full URL

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" enter="true" resizable="false" draggable="false" source="https://mydomain/login.htm"/>

The pop up cfwindows shows blank.  Why is that?  Any help is appreciated.

Most Valuable Participant
Correct answer by Carl_Von_Stetten | Most Valuable Participant

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

Views

954

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

CFwindow not working with secure URL

New Here ,
Sep 29, 2014

Copy link to clipboard

Copied

I use the code

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" center="true" resizable="false" draggable="false" source="login.htm"/>

and it is working fine.  The sign in window appears.  However, I want to change it to a secured URL by entering the full URL

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" enter="true" resizable="false" draggable="false" source="https://mydomain/login.htm"/>

The pop up cfwindows shows blank.  Why is that?  Any help is appreciated.

Most Valuable Participant
Correct answer by Carl_Von_Stetten | Most Valuable Participant

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

Views

955

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 29, 2014 0
Most Valuable Participant ,
Sep 30, 2014

Copy link to clipboard

Copied

Is the main page the CFWindows is part of also on HTTPS?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
New Here ,
Sep 30, 2014

Copy link to clipboard

Copied

The page that calls the secured login page is not on https.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
Adobe Community Professional ,
Sep 30, 2014

Copy link to clipboard

Copied

Why don't you rename the page to .cfm? Coldfusion does not process HTML pages.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
New Here ,
Sep 30, 2014

Copy link to clipboard

Copied

I made CF process .htm as well.  I read somewhere that it's best to hide from public what technology you are using.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
Adobe Community Professional ,
Oct 01, 2014

Copy link to clipboard

Copied

jackhuang wrote:

I made CF process .htm as well.

No, you cannot. Again, Jackhuang, you see a blank page because Coldfusion does not process the CFML code on the HTML page. I am assuming here that you are using the default Coldfusion extensions CFM, CFML, CFC, etc.

Then the web server does not send HTML files to Coldfusion for processing. It simply sends them as text to the browser. You are seeing nothing because browsers don't display tags. However, you will see the text if you open the URL in a browser and view the source.

Oh, and I agree with Scott and Carl that you should avoid Coldfusion UI tags like cfwindow. You could use simple ol' Javascript.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
Participant ,
Sep 30, 2014

Copy link to clipboard

Copied

Because CFWindow.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
Participant ,
Sep 30, 2014

Copy link to clipboard

Copied

What happens when you go to the URL directly in a browser window rather than from CFWINDOW?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
New Here ,
Sep 30, 2014

Copy link to clipboard

Copied

It works normally with https prefix.  It's just a simple sign in form.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
Most Valuable Participant ,
Sep 30, 2014

Copy link to clipboard

Copied

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
New Here ,
Sep 30, 2014

Copy link to clipboard

Copied

I am not sure a blank page is because of the cross-domain issue?  If you can suggest a good simple solution that can pop up a window automatically, similar to the cfwindow i.e. not movable or scalable and source can't be viewed that will be great.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 30, 2014 0
Adobe Community Professional ,
Oct 01, 2014

Copy link to clipboard

Copied

An update after a reread.

jackhuang wrote:

I made CF process .htm as well. I read somewhere that it's best to hide from public what technology you are using.

Do I understand correctly that you added .htm to the extension mappings list in the web server configuration?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
Participant ,
Oct 01, 2014

Copy link to clipboard

Copied

Do you see any errors or messages in the browser console when the window tries to load?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
New Here ,
Oct 01, 2014

Copy link to clipboard

Copied

The .htm extension was added on the server so all .htm will be processed by CF

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
New Here ,
Oct 01, 2014

Copy link to clipboard

Copied

I see in the console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://mydomain.com/login.htm?_cf_containerId=signmein_body&_cf_nodebug=true&_cf_nocache=true&_cf_r.... This can be fixed by moving the resource to the same domain or enabling CORS.

So I either have to add the access control as suggested by Carl or use another way of automatically popping up  a secured sign in window.  Any suggestion is welcome.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
Participant ,
Oct 01, 2014

Copy link to clipboard

Copied

Did you look at the link Carl posted?

If not, why not?

If so, why do you need other suggestions?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
New Here ,
Oct 01, 2014

Copy link to clipboard

Copied

I did.  The cfwindow is easy to use, but when it pops up, it actually messed up the css layout of the call page for some reason.  It's not that obvious (it took the top margin off) but if there is other way to do this I would try it. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 01, 2014 0
New Here ,
Oct 03, 2014

Copy link to clipboard

Copied

Carl, the header:

Header set Access-Control-Allow-Origin https://www.mydomain.com

has been added to the .htaccess but it is still not working.  This cfwindow is driving me crazy .

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 03, 2014 0
Adobe Community Professional ,
Oct 03, 2014

Copy link to clipboard

Copied

jackhuang wrote:

Carl, the header:

Header set Access-Control-Allow-Origin https://www.mydomain.com

has been added to the .htaccess but it is still not working. 

What about just adding

<cfheader name="Access-Control-Allow-Origin" value="https://www.mydomain.com">

or

<cfscript>

response = getPageContext().getResponse();

response.setHeader("Access-Control-Allow-Origin","https://www.mydomain.com");

</cfscript>

to the top of the page?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 03, 2014 0
New Here ,
Oct 03, 2014

Copy link to clipboard

Copied

Thanks BKBK.  I have tried both plus .htacess changes  to no avail.  I am still getting the same error message in the Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.mydomain.com/login.htm?_cf_containerId=signmein_body&_cf_nodebug=true&_cf_nocache=true&_.... This can be fixed by moving the resource to the same domain or enabling CORS.

I am ready to give up on cfwindow.  Either Firefox is not telling the truth or cfwindow is doing something non-standard.  But I need something to replace it that I will be able to pop up without clicking on a button.  I use cfwindow for signing in when I detect that the user is trying to enter a form without signing in. 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 03, 2014 0
Adobe Community Professional ,
Oct 04, 2014

Copy link to clipboard

Copied

I would experiment some more. On which page do you add the header? You could experiment by placing it in the Application file. You could also replace the domain https://www.mydomain.com with the wildcard *.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 04, 2014 0
New Here ,
Oct 04, 2014

Copy link to clipboard

Copied

I have placed it on both the http calling page and the called https page.  I tried with the * as well. None is working.  I don't use an Application file.    It can't be possible that I am the only one having this issue.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 04, 2014 0
Adobe Community Professional ,
Oct 05, 2014

Copy link to clipboard

Copied

jackhuang wrote:

  I don't use an Application file.

Inadvisable in Coldfusion. You really should.

Anyway, there is another test you could do. It involves you adding an extra page, whose function is to set the CORS response header.

testpage1.cfm

<cfscript>

pc = getPageContext();

response = pc.getResponse();

response.setHeader("Access-Control-Allow-Origin","*");

pc.include("testpage2.cfm");

</cfscript>

testpage2.cfm

<cfajaximport tags="cfform, cfmessagebox, cfwindow">

<cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" resizable="false" center="true" closable="true" draggable="false" source="https://mydomain/login.htm"/> <!--- Attribute 'enter' deleted, as it is invalid, and replaced with 'center'. Attribute 'closable' added --->

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 05, 2014 0
Adobe Community Professional ,
Oct 05, 2014

Copy link to clipboard

Copied

jackhuang wrote:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.mydomain.com/login.htm?_cf_containerId=signmein_body&_cf_nodebug=true&_cf_noca che=true&.... This can be fixed by moving the resource to the same domain or enabling CORS.

Whatever else is the issue, Coldfusion adds the query-string, _cf_containerId=signmein_body&_cf_nodebug=true&_cf_nocache=true&_cf_rc=0. What if the site  https://www.mydomain.com/login.htm expects no URL parameters? You should therefore report this as a bug.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 05, 2014 0
New Here ,
Oct 05, 2014

Copy link to clipboard

Copied

Thank you for all your help.  I tried the test pages and they have exactly the same problem.  The cfwindow still showed blank page.

What is the purpose of Application.cfm?   The site seems to be running fine without it. You recommended

<cfapplication name="cfwintest"

    sessionmanagement="Yes"

    sessiontimeout="#createTimeSpan(0,0,20,0)#"

    applicationtimeout="#createTimeSpan(1,0,0,0)#">

Is this something that I shall add to root directory?  Does it mean that if the user is login and if there is no activity, it will timeout in 20 minutes (all cookie deleted)?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 05, 2014 0
Participant ,
Oct 05, 2014

Copy link to clipboard

Copied

Unsubscribe

Sent from my not so pocket sized computer

Scott Stroz

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 05, 2014 0
Most Valuable Participant ,
Oct 03, 2014

Copy link to clipboard

Copied

jackhuang,

I don't really have anything else to offer, other than "don't use <cfwindow>".

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 03, 2014 0