• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

CFwindow not working with secure URL

New Here ,
Sep 29, 2014 Sep 29, 2014

Copy link to clipboard

Copied

I use the code

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" center="true" resizable="false" draggable="false" source="login.htm"/>

and it is working fine.  The sign in window appears.  However, I want to change it to a secured URL by entering the full URL

    <cfajaximport tags="cfform, cfmessagebox, cfwindow">
   <cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" enter="true" resizable="false" draggable="false" source="https://mydomain/login.htm"/>

The pop up cfwindows shows blank.  Why is that?  Any help is appreciated.

Views

1.6K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Guide , Sep 30, 2014 Sep 30, 2014

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

Votes

Translate

Translate
Guide ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

Is the main page the CFWindows is part of also on HTTPS?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

The page that calls the secured login page is not on https.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

Why don't you rename the page to .cfm? Coldfusion does not process HTML pages.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

I made CF process .htm as well.  I read somewhere that it's best to hide from public what technology you are using.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

jackhuang wrote:

I made CF process .htm as well.

No, you cannot. Again, Jackhuang, you see a blank page because Coldfusion does not process the CFML code on the HTML page. I am assuming here that you are using the default Coldfusion extensions CFM, CFML, CFC, etc.

Then the web server does not send HTML files to Coldfusion for processing. It simply sends them as text to the browser. You are seeing nothing because browsers don't display tags. However, you will see the text if you open the URL in a browser and view the source.

Oh, and I agree with Scott and Carl that you should avoid Coldfusion UI tags like cfwindow. You could use simple ol' Javascript.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

Because CFWindow.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

What happens when you go to the URL directly in a browser window rather than from CFWINDOW?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

It works normally with https prefix.  It's just a simple sign in form.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Guide ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

Because that is considered a cross-domain request (although it seems to be only cross-protocol, in reality an http address can resolve to a different virtual host from an https address).  Take a look a this StackOverflow thread for some suggested workarounds.

Also, this is probably easier to deal with using **anything** other than CFWindow, as Scott suggests.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Sep 30, 2014 Sep 30, 2014

Copy link to clipboard

Copied

I am not sure a blank page is because of the cross-domain issue?  If you can suggest a good simple solution that can pop up a window automatically, similar to the cfwindow i.e. not movable or scalable and source can't be viewed that will be great.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

An update after a reread.

jackhuang wrote:

I made CF process .htm as well. I read somewhere that it's best to hide from public what technology you are using.

Do I understand correctly that you added .htm to the extension mappings list in the web server configuration?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

The .htm extension was added on the server so all .htm will be processed by CF

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

Do you see any errors or messages in the browser console when the window tries to load?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

I see in the console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://mydomain.com/login.htm?_cf_containerId=signmein_body&_cf_nodebug=true&_cf_nocache=true&_cf_r.... This can be fixed by moving the resource to the same domain or enabling CORS.

So I either have to add the access control as suggested by Carl or use another way of automatically popping up  a secured sign in window.  Any suggestion is welcome.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

Did you look at the link Carl posted?

If not, why not?

If so, why do you need other suggestions?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 01, 2014 Oct 01, 2014

Copy link to clipboard

Copied

I did.  The cfwindow is easy to use, but when it pops up, it actually messed up the css layout of the call page for some reason.  It's not that obvious (it took the top margin off) but if there is other way to do this I would try it. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 03, 2014 Oct 03, 2014

Copy link to clipboard

Copied

Carl, the header:

Header set Access-Control-Allow-Origin https://www.mydomain.com

has been added to the .htaccess but it is still not working.  This cfwindow is driving me crazy .

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 03, 2014 Oct 03, 2014

Copy link to clipboard

Copied

jackhuang wrote:

Carl, the header:

Header set Access-Control-Allow-Origin https://www.mydomain.com

has been added to the .htaccess but it is still not working. 

What about just adding

<cfheader name="Access-Control-Allow-Origin" value="https://www.mydomain.com">

or

<cfscript>

response = getPageContext().getResponse();

response.setHeader("Access-Control-Allow-Origin","https://www.mydomain.com");

</cfscript>

to the top of the page?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 03, 2014 Oct 03, 2014

Copy link to clipboard

Copied

Thanks BKBK.  I have tried both plus .htacess changes  to no avail.  I am still getting the same error message in the Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.mydomain.com/login.htm?_cf_containerId=signmein_body&_cf_nodebug=true&_cf_nocache=true&_.... This can be fixed by moving the resource to the same domain or enabling CORS.

I am ready to give up on cfwindow.  Either Firefox is not telling the truth or cfwindow is doing something non-standard.  But I need something to replace it that I will be able to pop up without clicking on a button.  I use cfwindow for signing in when I detect that the user is trying to enter a form without signing in. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 04, 2014 Oct 04, 2014

Copy link to clipboard

Copied

I would experiment some more. On which page do you add the header? You could experiment by placing it in the Application file. You could also replace the domain https://www.mydomain.com with the wildcard *.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 04, 2014 Oct 04, 2014

Copy link to clipboard

Copied

I have placed it on both the http calling page and the called https page.  I tried with the * as well. None is working.  I don't use an Application file.    It can't be possible that I am the only one having this issue.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 05, 2014 Oct 05, 2014

Copy link to clipboard

Copied

jackhuang wrote:

  I don't use an Application file.

Inadvisable in Coldfusion. You really should.

Anyway, there is another test you could do. It involves you adding an extra page, whose function is to set the CORS response header.

testpage1.cfm

<cfscript>

pc = getPageContext();

response = pc.getResponse();

response.setHeader("Access-Control-Allow-Origin","*");

pc.include("testpage2.cfm");

</cfscript>

testpage2.cfm

<cfajaximport tags="cfform, cfmessagebox, cfwindow">

<cfwindow bodystyle="background:white;font:12px/normal arial, Helvetica, sans-serif;" initShow="true" width="350" height="255" name="signin" resizable="false" center="true" closable="true" draggable="false" source="https://mydomain/login.htm"/> <!--- Attribute 'enter' deleted, as it is invalid, and replaced with 'center'. Attribute 'closable' added --->

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 05, 2014 Oct 05, 2014

Copy link to clipboard

Copied

Thank you for all your help.  I tried the test pages and they have exactly the same problem.  The cfwindow still showed blank page.

What is the purpose of Application.cfm?   The site seems to be running fine without it. You recommended

<cfapplication name="cfwintest"

    sessionmanagement="Yes"

    sessiontimeout="#createTimeSpan(0,0,20,0)#"

    applicationtimeout="#createTimeSpan(1,0,0,0)#">

Is this something that I shall add to root directory?  Does it mean that if the user is login and if there is no activity, it will timeout in 20 minutes (all cookie deleted)?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Oct 05, 2014 Oct 05, 2014

Copy link to clipboard

Copied

LATEST

Unsubscribe

Sent from my not so pocket sized computer

Scott Stroz

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation