Tutorial :Security error in cross domain iframe



Question:

I have a click tracker for a client. The tracker is nothing but a javascript snippet which writes an iframe(a different domain) into the page.

If I have a normal iframe I am able to track clicks more accuratley(I compare the data from another tracking solution) than when the iframe is secure(the site is accessed over ssl).

While trying to debug the issue, I came across a scenario, where the iframe had a security error. It said something to the extent that the Secure Certificate was not Valid.

The problem now is, I could see this error only once, after which I could not reproduce it. Is there any way I can replicate the error? Is there any way I can figure out why I am tracking less clicks if the iframe is secured?

Technology Stack:
dotNet framework 3.5
OS: Win 2003 server
Web server: IIS 6.0
SSL Certificate Issuer: Go Daddy.


Solution:1

iframes should be sharing the same domain for example foo.com and subdomain.foo.com is not the same SSL wise.


Solution:2

The range of permissible access for a page can be expanded when a script assigns the document.domain property to a suffix of the site name space, up to the second-level domain. For example, a page on www.microsoft.com can assign the document.domain propertyâ€"initially www.microsoft.comâ€"as microsoft.com to broaden access to include pages in home.microsoft.com or any other site, as long as the other pages also set the document.domain property to the identical value. About Cross-Frame Scripting and Security : MSDN


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »