redhog / ep_fileupload

File upload plugin for Etherpad Lite
http://redhog.org/ep_fileupload
7 stars 13 forks source link

Uncaught SecurityError #25

Open skupfer opened 7 years ago

skupfer commented 7 years ago

Upload doesn't work. Most recent git version aka ep 1.6.1

[2017-07-05 21:01:08.482] [WARN] client - Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://pad.net" from accessing a cross-origin frame. -- { errorId: 'icFcYaBagbdrh6Lcg0tX',
  msg: 'Uncaught SecurityError: Failed to read the \'contentDocument\' property from \'HTMLIFrameElement\': Blocked a frame with origin "https://pad.net" from accessing a cross-origin frame.',
  url: 'https://pad.net/p/test',
  linenumber: 1,
  userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36' }

EDIT 08-July-17: This seems to be related to the usage of a reverse proxy in-front of the pad. It is working in my virtual machine. Needs to be fixed through code. (i have seen your commit to fix it, but it doesn't work for me, proxy setup from etherpad wiki)

EDIT 14-July-17: Seems like a reverse proxy / security options issue... The development stopped here, too, right?

EDIT 20-Oct-17: This explains the issue very well... ajaxupload was not made for this: https://stackoverflow.com/questions/25098021/securityerror-blocked-a-frame-with-origin-from-accessing-a-cross-origin-frame Maybe https://fineuploader.com/ can be used instead (successor)

rasos commented 7 years ago

Same here, the iframe in the ajaxupload.js seems to be the problem which apache does not assign to the same domain. Experimented with Header always set X-Frame-Options without success.