Security error: Interframe communication (Chrome Adobe Acrobat add-on)

This forum is for discussions on the Help & Manual Premium Pack and the Premium Pack Toolbox configuration utility introduced with Premium Pack 3

Moderators: Alexander Halser, Tim Green

Post Reply
markusflow
Posts: 50
Joined: Tue Apr 30, 2019 4:29 pm

Security error: Interframe communication (Chrome Adobe Acrobat add-on)

Unread post by markusflow »

Hi all,

with PP 4.3 and Chrome with installer Adobe Acrobat Plugin https://chrome.google.com/webstore/deta ... ated?hl=de, I get the following messages for my Webhelps, also for the PP Help http://www.it-authoring.com/info/pp4help/index.html.
13-09-_2021_12-38-02.png
I could add this extension URL to the EMBEDDED_DOMAINS list but not I am not sure if this is the best or recommended solution to suppress this message for users.

Any recommondations? Is there something like a filter for "chrome-extension://" URLs?
You do not have the required permissions to view the files attached to this post.
User avatar
Tim Green
Site Admin
Posts: 23154
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: Security error: Interframe communication (Chrome Adobe Acrobat add-on)

Unread post by Tim Green »

Hi Markus,

Hmm... This message means that the extension is hooking very deeply into the page and using the PostMessage protocol to communicate with iFrames across domain boundaries, which is actually intrusive behavior. This is why the scripts have strong protection built in to only allow this between domains that you specifically allow. Simply adding the extension's pseudo-domain to your allowed list won't help, because then the PostMessage framework in the skin would try to interpret its messages.

I'm not sure if this will work (I don't have the full version of Acrobat and thus can't test this directly), but adding the following line should identify the messages from the plugin and ignore them. Edit the xmessage.js script in the baggage and locate this block of code:

Code: Select all

// Main listener function for parsing and executing postMessage events
		function doParse(event) {
			event = event || window.event;
			
			// Prevent access to any but the current domain when on a web server and allowed domains when remote
			// Full communication is allowed on local because X-Domain attacks are not possible there

			var currentProtocol = document.location.protocol, func, callback,
				domainOK = allowedDomains.length > 0 ? allowedDomains.includes(event.origin) : event.origin == docDomain;
				
			if (currentProtocol.substr(0,4) === "http" && !domainOK) {
Add the line

if (/extension:\/\//.test(event.origin)) return;

in the location shown below. This should identify the PostMessage message as coming from the extension and should then ignore it without taking any action.

Code: Select all

// Main listener function for parsing and executing postMessage events
		function doParse(event) {
			event = event || window.event;
			
			// Prevent access to any but the current domain when on a web server and allowed domains when remote
			// Full communication is allowed on local because X-Domain attacks are not possible there

			var currentProtocol = document.location.protocol, func, callback,
				domainOK = allowedDomains.length > 0 ? allowedDomains.includes(event.origin) : event.origin == docDomain;
				
			if (/extension:\/\//.test(event.origin)) return;
				
			if (currentProtocol.substr(0,4) === "http" && !domainOK) {
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
markusflow
Posts: 50
Joined: Tue Apr 30, 2019 4:29 pm

Re: Security error: Interframe communication (Chrome Adobe Acrobat add-on)

Unread post by markusflow »

Thanks, Tim, that works perfectly!
User avatar
Tim Green
Site Admin
Posts: 23154
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: Security error: Interframe communication (Chrome Adobe Acrobat add-on)

Unread post by Tim Green »

Hi Markus,

Thanks for confirming this. I'll look into it further and add something like this to avoid flagging messages from this and other extensions in the future.
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
User avatar
Tim Green
Site Admin
Posts: 23154
Joined: Mon Jun 24, 2002 9:11 am
Location: Bruehl, Germany
Contact:

Re: Security error: Interframe communication (Chrome Adobe Acrobat add-on)

Unread post by Tim Green »

PS: I've added this to the online version of the help for the time being, so your browser with the Adobe plugin should also work there as well now. 8)
Regards,
Tim (EC Software Documentation & User Support)

Private support:
Please do not email or PM me with private support requests -- post to the forum directly.
Post Reply