Login/Register
Opera won't load some JavaScript files
Asked Answered
Solved javascripthttpsopera
P

1

10

I have a web page that loads in an IFRAME, that runs correctly in IE and Firefox but not in Opera. Which I hate, because I've been an Opera user for years. And I wrote this thing. :-)

The problem is that Opera is not loading some of the JavaScript files that comprise the page. I suspect that it is related to the fact that the page itself is loaded via HTTPS and the included files via HTTP from a different host and port. I believe Opera allows that, but Dragonfly's Net tab doesn't even show an attempt to load them.

The page is a Rally "custom app", and I can't control the fact that it is loaded in an IFRAME or that it loads via HTTPS. I also can't control the fact that the included files are loaded from a different host, or that the host only supports HTTP. So I'm sorta stuck with mixed content.

Among other stuff, the page's HEAD element contains (sanitized a bit):

<script src="http://www.example.com:81/common/jquery-1.4.2.js"></script>
<script src="http://www.example.com:81/common/jsTree/jquery.jstree.js"></script>
<script src="http://www.example.com:81/common/utils_jserror.js"></script>
<script src="http://www.example.com:81/common/utils_logging.js"></script>
<script src="http://www.example.com:81/common/utils_print_r.js"></script>
<script src="http://www.example.com:81/common/utils_rally_query.js"></script>
<script src="http://www.example.com:81/common/json2.js"></script>
<script src="/slm/js/slm.js"></script>
<script src="/slm/js-lib/dojo/rally-1.3.1/dojo/dojo.js.uncompressed.js"></script>
<script src="/slm/mashup/1.18/js/batch-toolkit.js"></script>
<script src="/slm/mashup/1.18/js/utilities.js"></script>

ALL of the "/slm/..." stuff is getting loaded, and NONE of the "www.example..." stuff is.

Anybody got an idea what I'm doing wrong?

Percyperdido answered 28/3, 2011 at 20:17 Comment(7)
Are the scripts loaded from http from a regular server on the internet, or is this server on an intranet or local host?Nernst
did you try to start your addresses with // without mentioning the protocol. ex: src="//www.example.comHuddersfield
@hallvors: The "example.com" scripts are from a Windows server on the local intranet, and are not accessible from the public Internet. But they are accessible from the machine where the browser is running - if I cut & paste them into the address bar, the JavaScript source files are readable in the browser.Percyperdido
@karlcow: I never considered that. But I expect it will make the browser assume "https:", and the server in question will only do "http:". But it's worth a shot, thanks!Percyperdido
Comment by stk: "@Ross: Did you find a solution to this problem in the meantime? I incidentally have exactly the same problem, i.e. I also need this for a Rally app."Procreant
Not until you asked :-) But that brought hallvors around, and it looks like his answer is THE answer. I'll update after testing it out.Percyperdido
@DanielHilgarth: I used hallvors' <iframe...> suggestion to provoke the security prompt, putting the iframe into the source of the Rally menu frame. Life is good now :-)Percyperdido
N
14

Opera has a feature called cross-network protection. Basically it places some extra limitations on what pages from the internet can do with stuff on your local network.

The reason this feature exists, is the emergence of the so called "phish farm" exploits, where it was discovered that the HTTP-based config screens of some popular home routers / modems were so poorly secured that malicious web pages could rewrite your router settings - for example to configure it to use a proxy and pipe all your traffic through a malicious server. To counter this, Opera knows that some IP addresses are not used on the public web (such as 127.0.0.1 or 192.168.*) and it doesn't allow pages from a "public" site to load files or send requests to a "local" site.

You can reconfigure this on a per-site basis. The easiest thing is probably adding an IFRAME on the "public" site loading one of the resources from the local server. The IFRAME will show a "cross-domain request" warning page with some opt-in links. Click the link for always allowing local requests from that server, and voila - your cross-network app should now work again.

(Adding an IFRAME is as easy as viewing source, adding <iframe src="http://local/whatever/included/file.js"></iframe>, saving, and "Tools > Advanced > Reload from cache" )

Nernst answered 16/9, 2011 at 9:56 Comment(1)
Oh, that sounds REALLY promising! The server that Opera won't load from is on a 10.x.y.z address, which would probably match Opera's prohibition. I can't wait to try this solution out.Percyperdido

© 2022 - 2024 — McMap. All rights reserved.