Bug #21546
closedhtmlArea RTE: RTE fails to load due to security error
Added by sardariu about 15 years ago. Updated about 6 years ago.
0%
Description
When I access the rtehtmlarea from the inside server name, lets say http://server/
everything it is ok and all the rte objects are loading.
But if I try to access outside of my network... let's say www.domain.com/typo3 the rte is not loading.
I have this problem in firefox every version up to 3+, with typo3 4.2.9.
I tried some solution for this problem but nothing works.
I need to specify that the server name is different from the domain name.
Firefox 3.5.5
In IE7 it works ok on both addresses
(issue imported from #M12583)
Files
test.png (8.25 KB) test.png | Administrator Admin, 2009-11-13 15:37 | ||
rtehtmlarea_bugfix_12583_trunk.patch (884 Bytes) rtehtmlarea_bugfix_12583_trunk.patch | Administrator Admin, 2010-08-24 05:15 |
Updated by Stanislas Rolland about 15 years ago
Please enable troubleshooting mode using the Extension Manager, and report here the log that is then displayed below the RTE editing area when the RTE is loaded.
Updated by sardariu about 15 years ago
On the internal server I receive fallowing message:
[HTMLArea::init]: All scripts successfully loaded.
[HTMLArea::init]: Editor url set to: /typo3/sysext/rtehtmlarea/htmlarea/
[HTMLArea::init]: Editor skin CSS set to: /typo3/sysext/t3skin/rtehtmlarea/htmlarea.css
[HTMLArea::init]: Editor content skin CSS set to: http://vmlintypo3prod/typo3/sysext/t3skin/rtehtmlarea/htmlarea-edited-content.css
[HTMLArea::initEditor]: Initializing editor with editor Id: data[tx_cenitjobsuche_jobs]555[joblongtext].
[HTMLArea::registerPlugin]: Plugin DefaultInline was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockStyle was successfully registered.
[HTMLArea::registerPlugin]: Plugin CharacterMap was successfully registered.
[HTMLArea::registerPlugin]: Plugin UserElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Link was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Color was successfully registered.
[HTMLArea::registerPlugin]: Plugin FindReplace was successfully registered.
[HTMLArea::registerPlugin]: Plugin RemoveFormat was successfully registered.
[HTMLArea::registerPlugin]: Plugin DefaultClean was successfully registered.
[HTMLArea::registerPlugin]: Plugin TableOperations was successfully registered.
[HTMLArea::registerPlugin]: Plugin AboutEditor was successfully registered.
[HTMLArea::registerPlugin]: Plugin ContextMenu was successfully registered.
[HTMLArea::generate]: Toolbar successfully created.
[HTMLArea::generate]: Editor iframe successfully created.
[HTMLArea::initIframe]: Iframe baseURL set to: http://vmlintypo3prod/typo3/
[HTMLArea::initIframe]: Skin CSS set to: http://vmlintypo3prod/typo3/sysext/t3skin/rtehtmlarea/htmlarea-edited-content.css
[HTMLArea::initIframe]: Override CSS set to: http://vmlintypo3prod/typo3temp/rtehtmlarea/defaultPageStyle_d46e3836f22368361b27.css
[HTMLArea::initIframe]: Content CSS set to: http://vmlintypo3prod/fileadmin/templates/css/content.css
[HTMLArea::initIframe]: Editor iframe head successfully initialized.
[HTMLArea::initIframe]: Failed attempt at loading stylesheets: [Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://internal_server/typo3temp/rtehtmlarea/htmlarea_1ffe46f20ad075355b9c.js Line: 1079"] Retrying...
Updated by sardariu about 15 years ago
And on the outside domain, where we have the problem loading the rte, I receive:
The editor is being loaded. Please wait...
o Block style:
Path:
[HTMLArea::init]: All scripts successfully loaded.
[HTMLArea::init]: Editor url set to: /typo3/sysext/rtehtmlarea/htmlarea/
[HTMLArea::init]: Editor skin CSS set to: /typo3/sysext/t3skin/rtehtmlarea/htmlarea.css
[HTMLArea::init]: Editor content skin CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3/sysext/t3skin/rtehtmlarea/htmlarea-edited-content.css
[HTMLArea::initEditor]: Initializing editor with editor Id: data[tx_cenitjobsuche_jobs]555[joblongtext].
[HTMLArea::registerPlugin]: Plugin DefaultInline was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockStyle was successfully registered.
[HTMLArea::registerPlugin]: Plugin CharacterMap was successfully registered.
[HTMLArea::registerPlugin]: Plugin UserElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Link was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Color was successfully registered.
[HTMLArea::registerPlugin]: Plugin FindReplace was successfully registered.
[HTMLArea::registerPlugin]: Plugin RemoveFormat was successfully registered.
[HTMLArea::registerPlugin]: Plugin DefaultClean was successfully registered.
[HTMLArea::registerPlugin]: Plugin TableOperations was successfully registered.
[HTMLArea::registerPlugin]: Plugin AboutEditor was successfully registered.
[HTMLArea::registerPlugin]: Plugin ContextMenu was successfully registered.
[HTMLArea::generate]: Toolbar successfully created.
[HTMLArea::generate]: Editor iframe successfully created.
[HTMLArea::initIframe]: Iframe baseURL set to: http://www.cenit.de/typo3/
[HTMLArea::initIframe]: Skin CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3/sysext/t3skin/rtehtmlarea/htmlarea-edited-content.css
[HTMLArea::initIframe]: Override CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3temp/rtehtmlarea/defaultPageStyle_d46e3836f22368361b27.css
[HTMLArea::initIframe]: Content CSS set to: http://vmlintypo3prod.de.cenit-group.com/fileadmin/templates/css/content.css
[HTMLArea::initIframe]: Editor iframe head successfully initialized.
[HTMLArea::initIframe]: Failed attempt at loading stylesheets: [Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://www.cenit.de/typo3temp/rtehtmlarea/htmlarea_1ffe46f20ad075355b9c.js Line: 1079"] Retrying...
[HTMLArea::initEditor]: Initializing editor with editor Id: data[tx_cenitjobsuche_jobs]555[jobtasks].
[HTMLArea::registerPlugin]: Plugin DefaultInline was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockStyle was successfully registered.
[HTMLArea::registerPlugin]: Plugin CharacterMap was successfully registered.
[HTMLArea::registerPlugin]: Plugin UserElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Link was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Color was successfully registered.
[HTMLArea::registerPlugin]: Plugin FindReplace was successfully registered.
[HTMLArea::registerPlugin]: Plugin RemoveFormat was successfully registered.
[HTMLArea::registerPlugin]: Plugin DefaultClean was successfully registered.
[HTMLArea::registerPlugin]: Plugin TableOperations was successfully registered.
[HTMLArea::registerPlugin]: Plugin AboutEditor was successfully registered.
[HTMLArea::registerPlugin]: Plugin ContextMenu was successfully registered.
[HTMLArea::generate]: Toolbar successfully created.
[HTMLArea::generate]: Editor iframe successfully created.
[HTMLArea::initIframe]: Iframe baseURL set to: http://www.cenit.de/typo3/
[HTMLArea::initIframe]: Skin CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3/sysext/t3skin/rtehtmlarea/htmlarea-edited-content.css
[HTMLArea::initIframe]: Override CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3temp/rtehtmlarea/defaultPageStyle_d46e3836f22368361b27.css
[HTMLArea::initIframe]: Content CSS set to: http://vmlintypo3prod.de.cenit-group.com/fileadmin/templates/css/content.css
[HTMLArea::initIframe]: Editor iframe head successfully initialized.
[HTMLArea::initIframe]: Failed attempt at loading stylesheets: [Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://www.cenit.de/typo3temp/rtehtmlarea/htmlarea_1ffe46f20ad075355b9c.js Line: 1079"] Retrying...
[HTMLArea::initEditor]: Initializing editor with editor Id: data[tx_cenitjobsuche_jobs]555[jobprofile].
[HTMLArea::registerPlugin]: Plugin DefaultInline was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin BlockStyle was successfully registered.
[HTMLArea::registerPlugin]: Plugin CharacterMap was successfully registered.
[HTMLArea::registerPlugin]: Plugin UserElements was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Link was successfully registered.
[HTMLArea::registerPlugin]: Plugin TYPO3Color was successfully registered.
[HTMLArea::registerPlugin]: Plugin FindReplace was successfully registered.
[HTMLArea::registerPlugin]: Plugin RemoveFormat was successfully registered.
[HTMLArea::registerPlugin]: Plugin DefaultClean was successfully registered.
[HTMLArea::registerPlugin]: Plugin TableOperations was successfully registered.
[HTMLArea::registerPlugin]: Plugin AboutEditor was successfully registered.
[HTMLArea::registerPlugin]: Plugin ContextMenu was successfully registered.
[HTMLArea::generate]: Toolbar successfully created.
[HTMLArea::generate]: Editor iframe successfully created.
[HTMLArea::initIframe]: Iframe baseURL set to: http://www.cenit.de/typo3/
[HTMLArea::initIframe]: Skin CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3/sysext/t3skin/rtehtmlarea/htmlarea-edited-content.css
[HTMLArea::initIframe]: Override CSS set to: http://vmlintypo3prod.de.cenit-group.com/typo3temp/rtehtmlarea/defaultPageStyle_d46e3836f22368361b27.css
[HTMLArea::initIframe]: Content CSS set to: http://vmlintypo3prod.de.cenit-group.com/fileadmin/templates/css/content.css
[HTMLArea::initIframe]: Editor iframe head successfully initialized.
[HTMLArea::initIframe]: Failed attempt at loading stylesheets: [Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://www.cenit.de/typo3temp/rtehtmlarea/htmlarea_1ffe46f20ad075355b9c.js Line: 1079"] Retrying...
[HTMLArea::initIframe]: Failed attempt at loading stylesheets: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "http://www.cenit.de/typo3temp/rtehtmlarea/htmlarea_1ffe46f20ad075355b9c.js Line: 1079"] Retrying...
Updated by Stanislas Rolland about 15 years ago
Your stylesheets are on a different domain than the page which contains the RTE instance. Security restrictions in Javascript prevent the RTE scripts from accessing the styleheets. You need to move the css files to the same domain as the HTML document which contains the RTE instance.
Updated by sardariu about 15 years ago
You mean thet the typo3 sources are on a different location than the stylesheets.
I have the stylesheets in the fileadmin/templates/css
and the templates for the pages in fileadmin/templates.
I need to move all the css in fileadmin/templates or only the css that is set in the the rte...
All the files are on same server.
Updated by Stanislas Rolland about 15 years ago
I mean that the scripts are in www.cenit.de, but the css files are in vmlintypo3prod.de.cenit-group.com.
Updated by sardariu about 15 years ago
is not quite correctly.. All the files for the frontend are in same location.
It is possible to have the typo3 source file on other server.. I need to ask my admin.
I had problems with other extensions when the URL was written. With the t3lib_div::getIndpEnv('TYPO3_SITE_URL') it return the all path like before vmlintypo3prod.de.cenit-group.com and it wasn't accesible from frontend, but with $GLOBALS['TSFE']->baseUrl it returns www.cenit.de
It is possible that here should be the problem?
Thanks!
Updated by Stanislas Rolland about 15 years ago
Did you try to set the ip address with the install tool by setting [SYS][reverseProxyIP] ?
Updated by sardariu about 15 years ago
I will check this.
I looked up on my server files. The fileadmin folder is on a different path than the typo3 sources.
The typo3 files are sym links from a previous path.
Updated by Bernhard Müller-Wirtz over 14 years ago
I have same problem with unloading RTE since I updated to TYPO3 4.4.0.
Troubleshooting log told me --->
[HTMLArea::init]: Editor url set to: sysext/rtehtmlarea/htmlarea/
[HTMLArea::init]: Editor skin CSS set to: sysext/rtehtmlarea/htmlarea/skins/default/htmlarea.css?1277369433
[HTMLArea::init]: Editor content skin CSS set to: sysext/rtehtmlarea/htmlarea/skins/default/htmlarea-edited-content.css?1277369433
[HTMLArea::initEditor]: Initializing editor with editor Id: data[tt_content]1[bodytext].
[HTMLArea.Editor::registerPlugin]: Plugin EditorMode was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin InlineElements was successfully registered.
[HTMLArea.Config::registerHotKey]: A hotkey with key n was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 1 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 2 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 3 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 4 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key l was registered for toolbar item JustifyLeft.
[HTMLArea.Config::registerHotKey]: A hotkey with key e was registered for toolbar item JustifyCenter.
[HTMLArea.Config::registerHotKey]: A hotkey with key r was registered for toolbar item JustifyRight.
[HTMLArea.Config::registerHotKey]: A hotkey with key j was registered for toolbar item JustifyFull.
[HTMLArea.Editor::registerPlugin]: Plugin BlockElements was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin CharacterMap was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin Acronym was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3Image was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3Link was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3Color was successfully registered.
I see no problems on all?
Updated by Stanislas Rolland over 14 years ago
@Bernhard: The loading process is not complete. Please report the error raised on the JS Console, after unsetting script compression in the EM. Please report also the value of Page TSConfig properties showButtons and hideButtons.
Updated by Bernhard Müller-Wirtz over 14 years ago
I exclude show and hide Buttons and really it worked!
Here the Log
[HTMLArea::init]: Editor url set to: sysext/rtehtmlarea/htmlarea/
[HTMLArea::init]: Editor skin CSS set to: sysext/rtehtmlarea/htmlarea/skins/default/htmlarea.css?1277482780
[HTMLArea::init]: Editor content skin CSS set to: sysext/rtehtmlarea/htmlarea/skins/default/htmlarea-edited-content.css?1277482780
[HTMLArea::initEditor]: Initializing editor with editor Id: data[tt_content]1[bodytext].
[HTMLArea.Editor::registerPlugin]: Plugin EditorMode was successfully registered.
[HTMLArea.Config::registerHotKey]: A hotkey with key b was registered for toolbar item Bold.
[HTMLArea.Config::registerHotKey]: A hotkey with key i was registered for toolbar item Italic.
[HTMLArea.Editor::registerPlugin]: Plugin InlineElements was successfully registered.
[HTMLArea.Config::registerHotKey]: A hotkey with key n was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 1 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 2 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 3 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key 4 was registered for toolbar item FormatBlock.
[HTMLArea.Config::registerHotKey]: A hotkey with key TAB was registered for toolbar item Indent.
[HTMLArea.Config::registerHotKey]: A hotkey with key SHIFT-TAB was registered for toolbar item Outdent.
[HTMLArea.Editor::registerPlugin]: Plugin BlockElements was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin BlockStyle was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin CharacterMap was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TextStyle was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3Image was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3Link was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TextIndicator was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin FindReplace was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin RemoveFormat was successfully registered.
[HTMLArea.Config::registerHotKey]: A hotkey with key 0 was registered for toolbar item CleanWord.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3HtmlParser was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TableOperations was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin AboutEditor was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin ContextMenu was successfully registered.
[HTMLArea.Config::registerHotKey]: A hotkey with key z was registered for toolbar item Undo.
[HTMLArea.Config::registerHotKey]: A hotkey with key y was registered for toolbar item Redo.
[HTMLArea.Editor::registerPlugin]: Plugin UndoRedo was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin CopyPaste was successfully registered.
[HTMLArea.Editor::registerPlugin]: Plugin TYPO3Color was successfully registered.
[HTMLArea.Iframe::createHead]: Iframe baseURL set to: http://www.cdu-nettetal.de/typo3/
[HTMLArea.Iframe::createHead]: Skin CSS set to: sysext/rtehtmlarea/htmlarea/skins/default/htmlarea-edited-content.css?1277482780
[HTMLArea.Iframe::createHead]: Override CSS set to: ../typo3temp/rtehtmlarea/defaultPageStyle_cd162bf0e96d7c2f5b7d.css?1277468937
[HTMLArea.Iframe::createHead]: Content CSS set to: ../fileadmin/templates/css/rte.css?1277290763
[HTMLArea.Iframe::createHead]: Editor iframe document head successfully built.
[HTMLArea.Iframe::getStyleSheets]: Stylesheets not yet loaded ([Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://www.cdu-nettetal.de/typo3temp/rtehtmlarea/htmlarea_cumulative_83915d4f6b503b0e13df.js?1277482906 Line: 973"]). Retrying...
[HTMLArea.Iframe::getStyleSheets]: Stylesheets not yet loaded ([Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://www.cdu-nettetal.de/typo3temp/rtehtmlarea/htmlarea_cumulative_83915d4f6b503b0e13df.js?1277482906 Line: 973"]). Retrying...
[HTMLArea.Iframe::getStyleSheets]: Stylesheets not yet loaded ([Exception... "A parameter or an operation is not supported by the underlying object" code: "15" nsresult: "0x8053000f (NS_ERROR_DOM_INVALID_ACCESS_ERR)" location: "http://www.cdu-nettetal.de/typo3temp/rtehtmlarea/htmlarea_cumulative_83915d4f6b503b0e13df.js?1277482906 Line: 973"]). Retrying...
[HTMLArea.Iframe::getStyleSheets]: Stylesheets successfully accessed.
[BlockStyle::getJavascriptFile]: Requesting script ../typo3temp/rtehtmlarea/classes__3dd0a71297f3fdf54b57.js?1277468937
[TextStyle::getJavascriptFile]: Requesting script ../typo3temp/rtehtmlarea/classes__3dd0a71297f3fdf54b57.js?1277468937
[TYPO3Link::getJavascriptFile]: Requesting script ../typo3temp/rtehtmlarea/classesAnchor_0_4eb04c96de9eb05aeb5f.js?1277459466
[HTMLArea.Editor::generatePlugins]: All plugins successfully generated.
[BlockStyle::getJavascriptFile]: Requesting script ../typo3temp/rtehtmlarea/classes__3dd0a71297f3fdf54b57.js?1277468937
[HTMLArea.Editor::start]: Editor ready.
[BlockStyle::generate]: Javascript file successfully evaluated: ../typo3temp/rtehtmlarea/classes__3dd0a71297f3fdf54b57.js?1277468937
[TYPO3Link::ongenerate]: Javascript file successfully evaluated: ../typo3temp/rtehtmlarea/classesAnchor_0_4eb04c96de9eb05aeb5f.js?1277459466
Here the the show and hide Buttons used before
showButtons = formatblock,textcolor,textindicator,bgcolor,emoticon,fontsize, left, center, right, justifyfull,class, imagestyle, textstylelabel, blockstylelabel, bold, chMode, italic, acronym, copy, cut, paste, orderedlist, unorderedlist, insertcharacter, link, unlink,image, removeformat, table, toggleborders, tablerestyle,tableproperties, rowproperties, rowinsertabove, rowinsertunder, rowdelete, rowsplit, columninsertbefore, columninsertafter, columndelete, columnsplit, cellproperties, cellinsertbefore, cellinsertafter, celldelete, cellsplit, cellmerge, findreplace, insertcharacter, undo, redo, showhelp, about, line,
hideButtons = user, variable,span,small,sample,quotation,monospaced,keyboard,insertedtext,emphasis,deletedtext,code,citation,big,bidioverride,formattext,definition,definitionlist, definitionitem,showlanguagemarks,language,insertparagraphbefore, insertparagraphafter,textstyle,fontstyle, lefttoright, righttoleft,textindicator, user, subscript, superscript, strikethrough, underline, spellcheck, inserttag, outdent, indent,blockstyle, blockquote,
It worked without problems in Version 4.3.
I tested show buttons and found problem on fontsize. If I kill fontsize the problem is gone.
Updated by Stanislas Rolland over 14 years ago
@Bernhard: I opened a new bug report for this issue as it is very different from the "security error" reported by the current issue.
See issue: #14876 where I have attached a patch for TYPO3 4.4.0 and trunk. If you apply the patch, you should clear the RTE cache afterwards.
Updated by Stanislas Rolland over 14 years ago
@sardariu: Is this still an issue?
Updated by sardariu over 14 years ago
hello Stanislas
Thanks for response
No it isn't a problem any more because we changed the gateway
Updated by Stanislas Rolland about 14 years ago
When the stylesheets used by the RTE are not accessed through the same domain/subdomain and using the same protocol as the RTE script, then a security error is raised.
When Firefox is the client browser, an error text is set reporting the security error (don't know what the error text is in other browsers). In such case, the attached patch will add a message on the troubleshooting log explaining the cause of the error.
Updated by Stanislas Rolland about 14 years ago
Thanks to Carsten Emde for reporting his investigation of this issue:
«I have now spent another couple of days to fix this nasty situation.
Fortunately, I found the origin of the problem. RTE is now innocently
running in the frontend of our Web page, and all is good.
When you said that the CSS files need to be in the same domain, this is
entirely correct. But, apparently, much more is needed to effectively
fight against cross-site scripting attacks. In order to prevent the
NS_ERROR_DOM_SECURITY_ERR error, everything of a web page needs to be in
the same domain, in the same subdomain and, more importantly, be
transmitted with the same protocol. This is not a special feature of
Firefox; IE8, Safari, Chrome, Opera and friends are behaving similarly.
Ok, what happened here?
Initially, a user is connecting to our Web site "http://www.osadl.org",
and the content of the Web site including CSS files is loaded. In order
to use the calendar and trouble ticket extensions, the user needs to
login. As required for this purpose, the login page is accessed via
https and some content is then transmitted using this protocol. Any
further attempt to run RTE in this situation, irrespective of whether
subsequent content is transmitted via http or https, crashes with the
NS_ERROR_DOM_SECURITY_ERR error. This is the result of the browser
storing the transmission protocol and the domain of the content, so it
can refuse to load dynamic pages, if they do not match the available
content, or if there is no coherent origin and protocol of the content.
I, therefore, changed the baseURL to "https://www.osadl.org" to force a
coherent protocol throughout an entire session - even when it is not
needed. Unfortunately, it still did not work, and I spent another day in
a waste of time - stupid me, because I simply forgot to flush the
browser cache. Of course, I flushed the server caches (as always), but
in this special case, it is important that the browser cache be flushed
as well to remove any non-https content at the client site. Only if the
entire content of a Web page has been transmitted using the same
protocol, it is considered safe. After I flushed the browser cache, RTE
popped up and started to work as I was used to it from the backend
experience.
The only irregularity I found in the RTE code was the determination of
the baseURL in htmlarea.js that did not work and resulted in "http://"
only. Someone mentioned this earlier in one of the related bug reports
and you already commented on it. But this was only a side effect. The
attached patch fixes the problem; it matches any content including the
double slash up to the first occurrence of a single slash.
I did not file an RTE bug, since actually the main problem was not a bug
- it is a security feature. On the other hand, the description of the
fix might be helpful to others. I leave it up to you to decide what to
do with it.»
Updated by Stanislas Rolland about 14 years ago
Patch committed to SVN TYPO3core trunk (revision 8663) and branch TYPO3_4-4 (revision 8664).