Django – Iframe – Internet Explorer: problems SEC7111


I've recently been using iframes and postMessage to run a project. I ran into problems while testing it in Internet Explorer (nothing new).

The fact is, IE is also pretty bad at reporting errors: the only thing it says is that the form was blocked for security reasons, with the code

SEC7111

I initially thought of X-Frame-Options, and with Django you can fix that by decorating the view with @xframe_options_exempt. This works, but not when you POST to a view within the iframe. This is because Django uses a CSRF cookie, while IE blocks third-party cookies.

The solution is pretty easy: THERE'S NO SOLUTION, as explained in this ticket. The best option seems to be not using an iframe, or removing CSRF for that specific view.

One thing that made this problem take forever to solve is that Django can't show you the 403 page, since it is protected against iframing (you need to rewrite the 403 handler, maybe the CSRF 403 handler if it exists), and then IE tells you that the page can't be displayed for security reasons, which at first sight makes the cause impossible to grasp.

 

 
