This post is more than 5 years old
7 Posts
0
2226
Cross-Origin Frame Error on N1124/N1148 Web UI
When using a modern browser such as Chrome 67 or Firefox 61, the OpenManage Switch Administrator Web UI on the N1100 series of switches fails to show the the main panel - only the header and left hand navigation are shown. This prevents the usage of the Web UI for viewing information or changing the configuration (i.e. it's useless!).
Opening the Developer Tools in Chrome, the reason the main panel fails to load is due to a Cross-Origin Frame Access Violation. One of the loaded scripts attempts to access the main panel frame but this fails due to the violation.
The script in question seems to be Clarity.js - i'm assuming (hoping) however that this is a Dell-developed script and not the Microsoft Javascript library for user profiling/telemetry on webpages which would be a very odd thing to include on a switch administrative interface!
Due to this issue, It is only possible to use the Web UI via a less-secure browser that does not enforce Cross-Origin Frame protection such as IE11.
The switch(es) are running the latest publicly available version of code from Dell - 6.4.2.6.
Clarity.js:1123 Uncaught DOMException: Blocked a frame with origin "http://SWITCH-HOSTNAME" from accessing a cross-origin frame.
at Object.hideAll (http://SWITCH-HOSTNAME/scripts/Clarity.js:1123:36)
at globalStyleJS_LoadEnd (http://SWITCH-HOSTNAME/scripts/globalStyleJS.js:263:15)
at deviceView_LoadEnd (http://SWITCH-HOSTNAME/scripts/deviceView.js:95:3)
at xuiRunJSFunction (http://SWITCH-HOSTNAME/scripts/xui.js:40:14)
at formLoad (http://SWITCH-HOSTNAME/scripts/_xe_deviceView.js:435:3)
at onload (http://SWITCH-HOSTNAME/deviceView.html:18:49)
James_Tru
1 Message
1
November 3rd, 2021 01:00
For anyone running into this problem and finding this page via google, I managed to work around the issue locally.
It stems from clarity.js:1123 which iterates over parent.frames. In my case, the LastPass extension had inserted a frame into the document, with a moz-extension://.... url.
Disabling LastPass after login allowed me to use the web ui normally.
For your own cases, you will need to sort which extension it is that is causing the issue in your browser. You should be able to do this by setting a breakpoint at the line I mentioned above, and reloading the page. Inspect the list of frames and match to your extension(s).
KJKingJ
7 Posts
0
July 31st, 2018 12:00
I'm afraid I no longer have any switch with an older version in the backup partition, but from memory this also occurred previously - it's only now that i've finally gotten around reporting the issue.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
July 31st, 2018 12:00
Does the switch still have an older firmware revision on the backup image? If so, are you able to boot to the older firmware and see if the same behavior is seen?
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
August 8th, 2018 07:00
Thanks for reporting your findings. I will be sure this information is provided to our engineering team for further review.
KJKingJ
7 Posts
0
August 8th, 2018 14:00
Thanks Daniel, it should be quite easy for them to reproduce but i'm happy to try things and report back if they need more information.
KJKingJ
7 Posts
0
August 29th, 2022 06:00
Aha! Yes, this was indeed the problem - thanks @James_Tru ! When submitting this thread originally, I was using LastPass. That also explains why I was able to use IE11 successfully, since I didn't have the extension installed there.
The new "Improved Save and Fill" feature may also help - after enabling it in LastPass's Advanced Settings and then disabling/re-enabling the extension, I am now able to access the UI with LastPass still enabled. It looks like this new method may no longer inject a frame, and thus not trigger the CORS issue? Worth a try if you don't want to go through the hassle of disabling LastPass or switching browsers each time you want to use the UI.
RachelGomez
162 Posts
0
September 11th, 2022 23:00
If you want to bypass or ignore the issue and make the error not appear while you browse, follow these steps.
Windows
Kill all instances of Google Chrome. You can do this in Windows by holding the Windows Key and pressing “R” to bring up the Run dialog, then running “tskill chrome*“
Run Chrome using the “–disable-web-security” switch. You can do this one of two ways:
Windows Key and pressing “R” to bring up the Run dialog, then type “chrome –disable-web-security” and select “OK“
Make a new shortcut for Chrome that runs “chrome –ignore-certificate-errors” You can do this by:
Right-click a blank area of the Desktop, then choose “Shortcut“.
For the location, type “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –ignore-certificate-errors. Be sure to include the quotes.
Select “Next“, name the shortcut, then select “Finish“. You can now use the new shortcut to launch Chrome and bypass certificate errors.
MacOS
Start Chrome in MacOS without Web Security using these steps:
Close Chrome.
From the Finder, select “Go” > “Utilities“.
Launch “Terminal“.
Type the following command, then press “Enter“:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --disable-web-security
Be sure you truly trust the website you are using while web security is disabled. We recommend that you do not keep this setting enabled while using other websites. Just use these steps as a temporary way to use the site without being interrupted with the error.
This may help you,
Rachel Gomez