sapnote_0001427124



07.03.2012 Page 1 of 2

SAP Note 1427124 - LTX - Cross-frame scripting has been denied by the browser

Note Language: English Version: 5 Validity: Valid Since 04.02.2011

Summary

Symptom

In the WebClient UI you use the transaction launcher for integrating BOR objects with SAP GUI for HTML. On ending the launch transaction you get a popup with this error text:

Cross-frame scripting has been denied by the browser for security reasons. Protocol or domain of the inline frame did not match with the main window.

Then the protocol and domain of the inline frame are listed.

Other terms

Reason and Prerequisites

Solution

The URL in the browser address bar has the following composition:

<protocol>://<host_name>.<domain>:<port>/...

Compare the protocol in the address bar of your browser with the protocol of the inline frame. If they are not the same (one is HTTP and the other is HTTPS) then continue reading at "Protocol Mismatch".

Compare the domain in the address bar of your browser with the domain of the inline frame. If they are not the same then continue reading at "Domain Mismatch".

Related document at Microsoft ("About Cross-Frame Scripting and Security"): http://msdn.microsoft.com/en-us/library/ms533028%28VS.85%29.aspx

Protocol Mismatch

We have to ensure that the used protocols are the same to allow cross-frame scripting. There are three different ways to get this. The first two possibilities are static adjustments. The third possibility automatically uses the matching protocol:

1. Starting the WebClient UI with the protocol that is used within the inline frame. (Note that with a change of the protocol the port has to change accordingly. You can have a look at transaction SMICM, Goto - Services for a list of protocols and assigned ports.)

2. Starting the launch transaction with the protocol that is used for the WebClient UI. You can change this setting in field "URL of ITS" in transaction CRMS_IC_CROSS_SYS. (There can be multiple entries. In the executed launch transaction you can have a look in the status line of SAP GUI for HTML and get the system ID. This helps in identifying the correct line in CRMS_IC_CROSS_SYS.)

3. For a dynamic matching of protocol and port go into transaction CRMS_IC_CROSS_SYS and set the indicator "Local ITS" of the line that is used by your launch transaction. (For getting the correct line either have a look into the settings of the launch transaction or check the system ID within the executed launch transaction and deduce the corresponding line.)

Starting with WEBCUIF 701, SAP recommends using option (3).

Domain Mismatch

In general, if the two domains have at least one common part, then the concept of domain relaxation can be used to allow the cross-frame scripting. But the WebClient UI only supports minimal domain relaxation, i.e. it takes the fully qualified domain names and truncates the host names, so the remaining domain part has to be identical.
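The two comparisons described above (protocol first, then the domain that remains after truncating the host name), as an added JavaScript example that is not part of the SAP Note. The function names and sample URLs are constructed for illustration, and the check covers only what the note describes.

```javascript
// Added example; function names and sample URLs are constructed, not from the note.

// Minimal domain relaxation as the note describes it: take the fully
// qualified domain name and truncate the host name (the first label).
function relaxedDomain(hostname) {
  const host = hostname.toLowerCase();
  // IP literals have no host/domain split, so there is nothing to relax.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) return null;
  const labels = host.split(".");
  // A bare host name without a domain part cannot be relaxed either.
  return labels.length > 1 ? labels.slice(1).join(".") : null;
}

// Apply the note's two comparisons to the main window and the inline frame.
function diagnoseFrames(mainUrl, frameUrl) {
  const main = new URL(mainUrl);
  const frame = new URL(frameUrl);
  const findings = [];

  // URL.protocol includes the trailing colon, e.g. "https:".
  if (main.protocol !== frame.protocol) findings.push("Protocol Mismatch");

  // After truncating the host names, the remaining domain parts must be identical.
  const mainDomain = relaxedDomain(main.hostname);
  const frameDomain = relaxedDomain(frame.hostname);
  if (mainDomain === null || mainDomain !== frameDomain) {
    findings.push("Domain Mismatch");
  }
  return { mainDomain, frameDomain, findings };
}

// Constructed sample pairs: [main window URL, inline frame URL].
const samples = [
  ["https://crm.corp.example.com:44300/ui", "https://erp.corp.example.com:44301/its"],
  ["https://crm.corp.example.com:44300/ui", "http://erp.corp.example.com:8000/its"],
  // A common part (example.com) exists, but minimal relaxation does not reach it.
  ["https://crm.corp.example.com:44300/ui", "https://erp.dmz.example.com:44301/its"],
  ["https://crmhost:44300/ui", "https://erp.corp.example.com:44301/its"],
];
for (const [mainUrl, frameUrl] of samples) {
  const result = diagnoseFrames(mainUrl, frameUrl).findings.join(", ") || "match";
  console.log(frameUrl, "->", result);
}
```

The third sample is the case the "Domain Mismatch" section singles out: the two names share a common part, yet the domains left after truncating the host names differ.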

Header Data

Release Status: Released for Customer
Released on: 04.02.2011 12:55:51
Master Language: English
Priority: Correction with low priority
Category: Consulting
Primary Component: CA-WUI-APF Application Frame

Secondary Components: CRM-FRW-AFP Application Frame

Valid Releases

Software Component    Release    From Release    To Release    and Subsequent
WEBCUIF               701        701             701