Bug with showModalDialog and token authorized services

PhilipKnight1 · ‎03-27-2015

Regardless of my cookie settings in IE, whenever I open a page via "window.showModalDialog" that uses a "tokenized" service I get the below pop-up:

If I use "window.open" instead, the issue is not present. This prompt occurs for each feature layer that I use, so for my app I have 24 prompts (24 layers), which is just not acceptable. Is there some parameter I can pass during the instantiation of the layer that will prevent this?

Below is some sample code that shows the issue:



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
   <head>
   <title></title>
   </head>
   <body>
   <button onclick="myFunction()">Copy Text</button>
   </body>
   <script>
   function myFunction() 
   {
  window.showModalDialog('http://developers.arcgis.com/javascript/samples/layers_label/', '0', 'resizable:1;dialogHeight:' + 600+ 'px;dialogWidth:' + 800+ 'px');
   
   }
   </script>
</html>

PhilipKnight1 · ‎04-16-2015

I was finally able to solve the issue. I was able to solve the issue by moving our site from the Trusted sites zone to the Intranet zone.

The reason this works is because the Intranet zone by default will accept all cookies. Internet zone cookie settings are determined by the Privacy tab, Trusted sites zone by default prompts for all cookies, Restricted zone blocks all cookies. There is an option to override these settings by importing a P3P xml file into IE, but that seemed to be unsuccessful , so I think we will just have to live with having the site in the Intranet zone. This will obviously have to be done for each users machine. I already did for the Server machine, as the desktop you set up for us didn’t seem to be up and running. This might require that the settings for Trusted Sites have to also be set for the Intranet zone, but since it’s working for the server machine I assume that all the other desktop user machines are also using those settings for the Intranet zone.

View solution in original post

KellyHutchins · ‎03-30-2015

I suspect this is due to an IE browser setting that specifies that uses should be prompted to accept cookies. You'll need to disable this in your browser settings to get rid of the error. Some more info is here although depending on the version of IE you are using the location for disabling/enabling this setting may have changed.

Microsoft Internet Explorer Cookie Filtering | Security content from Windows IT Pro

PhilipKnight1 · ‎03-30-2015

I've tried all of those setting without success. Allowing all or denying all and nothing works.

I've done quite a bit of googling on this and I don't think it's simply a setting. I believe it is either a bug with ESRI, the DOJO api you use, or IE. The pop-up is not like the nomral cookie prompt. It is somethign different. Is this something that ESRI can investigate Kelly Hutchins?

javascript showModalPopup Silverlight "This page has an unspecified potential security risk"

http://community.norton.com/en/forums/windows-security-warning-cookies

"Windows Security Warning" dialog box cannot be dismissed | Microsoft Connect

KellyHutchins · ‎03-30-2015

I don't think this message is due to the JSAPI or Dojo if I google the exact message you are getting it looks like a standard error message. Information About the Security Alert Message for Cookies in Internet Explorer and Outlook Express

For issues like this where you suspect a bug in the software and want Esri to investigate your best bet is to contact Esri Support. They have the resources to help you troubleshoot the problem. Contact info for Esri support can be found here:

Esri Support

Edit: Just to verify I updated your test case to open http://www.cnn.com and got the same cookie error messages.

PhilipKnight1 · ‎04-16-2015

I was finally able to solve the issue. I was able to solve the issue by moving our site from the Trusted sites zone to the Intranet zone.

The reason this works is because the Intranet zone by default will accept all cookies. Internet zone cookie settings are determined by the Privacy tab, Trusted sites zone by default prompts for all cookies, Restricted zone blocks all cookies. There is an option to override these settings by importing a P3P xml file into IE, but that seemed to be unsuccessful , so I think we will just have to live with having the site in the Intranet zone. This will obviously have to be done for each users machine. I already did for the Server machine, as the desktop you set up for us didn’t seem to be up and running. This might require that the settings for Trusted Sites have to also be set for the Intranet zone, but since it’s working for the server machine I assume that all the other desktop user machines are also using those settings for the Intranet zone.