Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 5 of 5 total
Thread Event handling
Thu, Nov 26 2015 11:26 AMPermanent Link

Matthew Jones

In this video, https://vimeo.com/113604459 at about 1 hour and 4 mins,
they show how to detect a sign out from a single sign in system.
Basically an iFrame with javascript, which calls an event (or something
I don't fully understand) to the parent frame. Is this possible to grab
in EWB? Would be darned handy...

--

Matthew Jones
Thu, Nov 26 2015 12:06 PMPermanent Link

Raul

Team Elevate Team Elevate

<<
"Matthew Jones" wrote:

In this video, https://vimeo.com/113604459 at about 1 hour and 4 mins,
they show how to detect a sign out from a single sign in system.
Basically an iFrame with javascript, which calls an event (or something
I don't fully understand) to the parent frame. Is this possible to grab
in EWB? Would be darned handy...
>>

I i understood it correctly then they have an iframe with script that checks login status (in this case whether cookie is there) and then calls a function of the parent page (i'm guessing thru window.parent).

Lot of this type of access is heavily locked down - meaning cross origin comes into play heavily here as well as general browser security. At the very least you need to control the both the main page and iframe content and load from same server.

In EWB world i think it just  boils down to whether we can call EWB app function from embedded TBrowser that is running a script.

Raul
Thu, Nov 26 2015 1:18 PMPermanent Link

Matthew Jones

<Raul> wrote:
> <<
> "Matthew Jones" wrote:
>
> In this video, https://vimeo.com/113604459 at about 1 hour and 4 mins,
> they show how to detect a sign out from a single sign in system.
> Basically an iFrame with javascript, which calls an event (or something
> I don't fully understand) to the parent frame. Is this possible to grab
> in EWB? Would be darned handy...
>>>
>
> I i understood it correctly then they have an iframe with script that
> checks login status (in this case whether cookie is there) and then calls
> a function of the parent page (i'm guessing thru window.parent).
>  
> Lot of this type of access is heavily locked down - meaning cross origin
> comes into play heavily here as well as general browser security. At the
> very least you need to control the both the main page and iframe content
> and load from same server.
>
> In EWB world i think it just  boils down to whether we can call EWB app
> function from embedded TBrowser that is running a script.
>
> Raul
>
>


It is definitely from another site because that way it gets cookie access.
It is though "just JavaScript" so can't be impossible. I haven't dug deep
yet.

--
Matthew Jones
Mon, Nov 30 2015 11:00 AMPermanent Link

Tim Young [Elevate Software]

Elevate Software, Inc.

Avatar

Email timyoung@elevatesoft.com

Matthew,

<< In this video, https://vimeo.com/113604459 at about 1 hour and 4 mins, they show how to detect a sign out from a single sign in system. Basically an iFrame with javascript, which calls an event (or something I don't fully understand) to the parent frame. Is this possible to grab in EWB? Would be darned handy... >>

I've looked into this a few times already, and yes, while it's certainly possible to do, it's a *lot* more complicated than I originally envisioned and I need to figure out a way to make sure that it's as bullet-proof as possible with EWB before proceeding with adding it to the component library, otherwise the complexity of OpenID, etc. becomes *my* problem, not Google's. Smile

Tim Young
Elevate Software
www.elevatesoft.com
Mon, Nov 30 2015 11:09 AMPermanent Link

Matthew Jones

Tim Young [Elevate Software] wrote:

> << In this video, https://vimeo.com/113604459 at about 1 hour and 4
> mins, they show how to detect a sign out from a single sign in
> system. Basically an iFrame with javascript, which calls an event (or
> something I don't fully understand) to the parent frame. Is this
> possible to grab in EWB? Would be darned handy... >>
>
> I've looked into this a few times already, and yes, while it's
> certainly possible to do, it's a lot more complicated than I
> originally envisioned and I need to figure out a way to make sure
> that it's as bullet-proof as possible with EWB before proceeding with
> adding it to the component library, otherwise the complexity of
> OpenID, etc. becomes my problem, not Google's. Smile

The good news, for now, is that we aren't going ahead with this on our
project. OpenID Connect is very nice, but the overhead of a server is a
lot higher right now than it could be. The most ideal one I found is
good, but to upgrade the code needs a new staging server and database
copy and all sorts, which given there will be some security update at
some point I find rather onerous and too high a cost for the scale we
are at.

So no hurry. 8-)

--

Matthew Jones
Image