Highlighted
Knowledge Partner
Knowledge Partner
1023 views

iPrint OES11 SP2 - March 2016 patch- can't display in iFrame

So it seems another change in the March 2016 patch is is that you can no longer display the iPrint URL in an iFrame anymore:

http://servername/ipp

Cannot be displayed in an iFrame. You get a blank page.
Changing to https has no effect.

Displaying separately (ie, using an href or something to launch a new window) works.

Have no idea what would change in the code that would prevent this.

We use this a lot in our Portal (https), and there's links that the users can click on for their own office/region to bring up the printer list so they can install printers.
If you use IE, you get this:

To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame.


Have no idea why Novell/MF would do this (quite odd), even if you're referencing an https link.
Makes no sense to me.
0 Likes
3 Replies
Highlighted
Absent Member.
Absent Member.

Re: iPrint OES11 SP2 - March 2016 patch- can't display in iFrame

On 04/11/2016 03:46 PM, kjhurni wrote:
>
> So it seems another change in the March 2016 patch is is that you can no
> longer display the iPrint URL in an iFrame anymore:
>
> http://servername/ipp
>
> Cannot be displayed in an iFrame. You get a blank page.
> Changing to https has no effect.
>
> Displaying separately (ie, using an href or something to launch a new
> window) works.
>
> Have no idea what would change in the code that would prevent this.
>
> We use this a lot in our Portal (https), and there's links that the
> users can click on for their own office/region to bring up the printer
> list so they can install printers.
> If you use IE, you get this:
>
>> To help protect the security of information you enter into this website,
>> the publisher of this content does not allow it to be displayed in a
>> frame.

>
> Have no idea why Novell/MF would do this (quite odd), even if you're
> referencing an https link.
> Makes no sense to me.
>
>


Probably due to:

Bug 947285 - Security Vulnerability:85582 - Web Application Potentially
Vulnerable to Click jacking (CVE Number :CVE-2015-5971)
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: iPrint OES11 SP2 - March 2016 patch- can't display in iF

Mysterious;2425435 wrote:
On 04/11/2016 03:46 PM, kjhurni wrote:
>
> So it seems another change in the March 2016 patch is is that you can no
> longer display the iPrint URL in an iFrame anymore:
>
> http://servername/ipp
>
> Cannot be displayed in an iFrame. You get a blank page.
> Changing to https has no effect.
>
> Displaying separately (ie, using an href or something to launch a new
> window) works.
>
> Have no idea what would change in the code that would prevent this.
>
> We use this a lot in our Portal (https), and there's links that the
> users can click on for their own office/region to bring up the printer
> list so they can install printers.
> If you use IE, you get this:
>
>> To help protect the security of information you enter into this website,
>> the publisher of this content does not allow it to be displayed in a
>> frame.

>
> Have no idea why Novell/MF would do this (quite odd), even if you're
> referencing an https link.
> Makes no sense to me.
>
>


Probably due to:

Bug 947285 - Security Vulnerability:85582 - Web Application Potentially
Vulnerable to Click jacking (CVE Number :CVE-2015-5971)


Thanks, I Found this as a workaround:
https://forums.novell.com/showthread.php/497456-modify-iprint-installation-web-page?p=2425440#post2425440

Surely there's some way to allow display in a frame and fix the vulnerability?

Or do most people just launch a bunch of extra pop-up windows?
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: iPrint OES11 SP2 - March 2016 patch- can't display in iFrame

On 04/11/2016 04:36 PM, kjhurni wrote:
>
> Mysterious;2425435 Wrote:
>> On 04/11/2016 03:46 PM, kjhurni wrote:
>>>
>>> So it seems another change in the March 2016 patch is is that you can

>> no
>>> longer display the iPrint URL in an iFrame anymore:
>>>
>>> http://servername/ipp
>>>
>>> Cannot be displayed in an iFrame. You get a blank page.
>>> Changing to https has no effect.
>>>
>>> Displaying separately (ie, using an href or something to launch a new
>>> window) works.
>>>
>>> Have no idea what would change in the code that would prevent this.
>>>
>>> We use this a lot in our Portal (https), and there's links that the
>>> users can click on for their own office/region to bring up the

>> printer
>>> list so they can install printers.
>>> If you use IE, you get this:
>>>
>>>> To help protect the security of information you enter into this

>> website,
>>>> the publisher of this content does not allow it to be displayed in a
>>>> frame.
>>>
>>> Have no idea why Novell/MF would do this (quite odd), even if you're
>>> referencing an https link.
>>> Makes no sense to me.
>>>
>>>

>>
>> Probably due to:
>>
>> Bug 947285 - Security Vulnerability:85582 - Web Application Potentially
>> Vulnerable to Click jacking (CVE Number :CVE-2015-5971)

>
> Thanks, I Found this as a workaround:
> https://forums.novell.com/showthread.php/497456-modify-iprint-installation-web-page?p=2425440#post2425440
>
> Surely there's some way to allow display in a frame and fix the
> vulnerability?
>
> Or do most people just launch a bunch of extra pop-up windows?
>
>


Well i will not call that a workaround. You are just removing the fix
for the vulnerability.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.