We set up new domains to forward to an application on our jboss platform. These new domains are used in the links on a pdf created with itext. They are shorter links to additional data, as we wanted to hide the full links. These links forward to our application correctly. The problem is that, when a link is clicked, adobe displays a dialog box (printed below) asking if the user wants to allow this connection. Unfortunately, every time the user clicks a link in the pdf, he will get the dialog box below. I read in the Adobe documentation that cross-domain access triggers a security warning. Have any of you encountered and solved this problem? Any help will be appreciated. Thanks.
Per Adobe:
Allow or block links to the Internet in PDFs
Clicking any link to the Internet poses a potential security risk. Malicious websites can transfer harmful content or silently gather data. If you are concerned about these risks, you can configure Acrobat and Reader to display a warning when a PDF attempts to connect to an Internet site.
You can allow Acrobat and Reader to contact selected websites by adding their addresses (URLs) to your list of trusted websites in the Trust Manager preferences. Alternatively, you can allow all URLs.
Note: If the options in the Manage Internet Access dialog box are disabled, select Custom Setting. If options are still disabled, your product could be under an administrator’s control with those restrictions in place.
Choose Edit > Preferences (Windows) or Acrobat/Adobe Reader > Preferences (Mac OS).
From the Categories on the left, select Trust Manager.
Click Change Settings to specify the default behavior for accessing the Internet from PDFs.
Choose from the following options:
To allow access to all URLs, select Allow PDF Files To Access All Web Sites.
To restrict access to all URLs, select Block PDF Files’ Access To All Web Sites.
To restrict access to only the URLs you specify, select Custom Setting.
To add a website, type its URL in the Host Name text box and click Allow or Block.
To remove a URL you no longer want to visit, select the website in the list and click Delete.
To specify what the program should do with websites not in your custom list, select one of these options: Always Ask, Allow Access, Block Access.
For more information, see the Application Security Guide at http://www.adobe.com/go/learn_acr_appsecurity_en.
Note: If you open a protected PDF and receive a prompt to allow or block a URL, select Remember My Action For This Site. This reply adds the URL to this list.
Related
The website is developed in WordPress. It looks perfect on chrom/Firefox browsers but its not looking perfect on safari browser
Can someone help to understand what it the issue and how can i fix it?
If Safari doesn't load a page or webpage items are missing
Check Safari extensions, or try removing cookies, cache, and other website data if a webpage or site doesn't load on your Mac.
Use the steps in this article if this happens in Safari on your Mac:
You can’t log in to a secure website.
A webpage repeatedly reloads or redirects.
A message on a webpage tells you to remove or reset cookies.
Some images, videos, or other items aren't displayed on a webpage, but other page elements load.
Check Parental Controls
If you're logged into a user account that is restricted by Parental Controls or other web filtering software, some pages or page elements might not load if those sites aren't allowed. For example, embedded videos might not display if they're hosted on a site other than the one you're viewing.
Check with your administrator to see if you can get access to the site that you're trying to view.
Check Safari extensions
Some Safari extensions that block ads or other website content can prevent some page elements from displaying. You can temporarily turn off extensions, then re-load the page to see if this is the issue.
Choose Safari > Preferences.
Click Extensions.
Select an extension, then deselect the checkbox "Enable… extension." Repeat this step for every extension that's currently installed.
Reload the page by choosing Choose View > Reload in Safari. If the webpage loads correctly, one or more extensions was blocking the content from loading. Re-enable an extension, then reload the page again to determine which extension is blocking the content you want to view.
If the website still doesn't load with all of your extensions disabled, try the next steps in this article.
If Safari doesn't load pages from a specific site
If only one webpage or website isn't working, you can remove data related to that site to see if it fixes the issue. Use these steps to remove cookies, cache, and other data stored by Safari for a specific site:
Choose Safari > Preferences.
Click the Privacy icon.
Click the Details button.
Search for the name or domain of the website whose data you want to remove.
In the results list, click the domain (like example.com) that has data you want to remove.
Click Remove.
When you're finished, click Done and close the preferences window.
remove history, cookies, cache, website data, for a specific site
If you used the Private Browsing feature of Safari when visiting a website, you might not see the site listed here.
If Safari doesn't load pages from multiple sites
In OS X Yosemite, you can delete website data for the past hour, or past few days if websites or pages stopped loading recently.
Choose History > Clear History and Website Data.
In the sheet that appears, choose the range of data you want to remove from the Clear pop-up menu.
Click Clear History.
remove history, cookies, cache, website data
If you want to remove website data for all of the sites and pages you've ever visited, choose "all history" from the Clear pop-up menu. The option to Remove All Website Data in the Privacy pane of Safari preferences does this, too. These options also reset your browsing history and Top Sites.
I am trying to download (backup) images that customers upload for products that take custom logos (these are typically JPG, PNG, PDF, etc.) These customer files are downloadable by clicking on a hyperlink in the BigCommerce admin page for the order in question. The link is not a link to the image path but instead, a link to a service that sends the file to the browser. In other words, you have to be authenticated into the admin site to download the file. The URL looks like this:
https://mystore.com/internalapi/v1/orders/383945/products/251438/attributes/561518/download
https://mystore.com/internalapi/v1/orders/{order id}/products/{lineItem id}/attributes/{option id}/download
These are easily constructed in the API itself for a given order. If I use the link in a browser tab while I'm logged into the admin site, the file downloads.
But what I am trying to write an app to automatically download all the files (there are thousands). When I try to use this URL in an app, I get a authentication error. I tried at first using my regular API credentials but then used the credentials to log into the admin site. Both give me an authentication error.
I could not find anything documented on this so-called "internalapi." Anyone ever try to use this "internal" API that is used by the admin site?
I believe authentication is cookie based for that internal API, but there could be problems with using our non-publicly documented internal APIs in production, i.e. we may make future updates that would be breaking changes.
Images attached to orders through a file upload option also get copied to WebDAV, in the dav/product_images/configured_products folder. Another way to do this could be to use a WebDAV client library like easywebdav to connect and download the files.
Is it possible to open dropbox chooser in an iframe.
I've followed the doc to integrate chooser in my application, but when clicking on the chooser button it opens in a browser window.
I've seen some applications which opens Dropbox chooser within their application in a modal popup. Is it possible?
This is technically possible, but we (Dropbox) need to specifically allow it for your app. By default, nothing on dropbox.com will allow itself to be put in an iframe for security reasons. (E.g. take a look at "clickjacking.")
We usually won't change that policy, but we do sometimes make exceptions for larger customers who we can work with directly on the security implications.
We have a sharepoint site that is used both internally and externally. Internal users are authentication via AD and there are no issues. The external users are authenticated using STS and the Portal User Table. However whenever an external user tries to open a document they have to re-enter their login credentials.
This happens everytime they open a document unless they happen to have left the application that the document is read in is left open, i.e. if they open a word document, leave it open and then open another word document then they don't get asked for credentials.
This is obviously a royal pain as we are using the site for document review, revision and collaboration. Our systems team say this is working as designed and there is nothing that can be done about it. Is there any practical way to resolve this without the external users having to specifically configure something on their own system or network?
Thanks
Jim
Here is a solution I found quite some time ago..
In Internet Explorer, click on Tools and select Manage add-ons
Highlight Toolbars and Extensions in left navigation.
Locate SharePoint OpenDocuments Class
Right-click and click the Disable button
Close and refresh browser
I have a facebook iframe app I'm trying to test using a WebBrowser Control on a form in VB.NET 2010. Whenever I try to access the WebBrowser.Document.Window.Frames frame object on a document where my app is showing in the broswer, I get an Access Denined exception. Reading around on the web, I see people saying that this is to keep scripts in a document from accessing content in iframes that are pulling content from another domain, as per 'http://msdn.microsoft.com/en-us/library/ms533028.aspx', for security reasons.
While I totally understand why this is done for the general public, how can I disable it on my machine so that I can run these tests? I can't properly test my app without doing it in the facebook iframe and using the WebBrowser control is the only way I know to do this test programmatically.
Any ideas? I'm on windows server 2003 and ie8, .net4.0, if that helps. I own the domain where the app is, and its in AS.NET MVC2, so if there's anything I can do to the web code to enable this??? I also removed the Internet Explorer ENhanced Security COnfiguaration component, but that didn't help.
Thanks,
Philip
Have you tried changing your Internet Explorer settings to enable cross domain scripting?
I believe the VB.Net Web Browser control inherits settings from the local copy of IE.
Try this:
From Internet Explorer, choose Internet Options from the Tools menu.
On the Security tab of the Internet Options dialog box, select the Local Intranet Web Content Zone and then click Custom Level.
Locate the Miscellaneous/Access Data Sources Across Domains setting, and then select Enable, as shown in Figure 2.
Click OK, and then click Yes to the warning dialog box that appears.
Click OK to close the Internet Options dialog box.
Also try adding the Facebook https Url into your trusted sites.
As a last resort disable Native XMLHttp in IE and attempt to revert back to an older version of the XMLHttp object.