Django and APE: Unsafe JavaScript attempt to access frame with URL

69 views
Skip to first unread message

Alper Ortac

unread,
May 14, 2012, 10:46:55 AM5/14/12
to ape-p...@googlegroups.com

I am trying to setup an APE server for my Django project.

Setup

  1. I followed the setup instructions in the APE wiki: Simple APE Configuration

    I had to change the port though. My virtual host config reads as follows:

    NameVirtualHost 127.0.0.1:8100
    Listen 127.0.0.1:8100
    <VirtualHost 127.0.0.1:8100>
            ServerName local.ape-project.org
            ServerAlias ape.local.ape-project.org
            ServerAlias *.ape.local.ape-project.org

            DocumentRoot "/path/to/my/project/ape-jsf/"
    </VirtualHost>

    Running http://local.ape-project.org:8100/Tools/Check/ runs all tests successfully and returns the message: All test done. Now you can play with your APE \o/

  2. Django is running on port 8000:

    python manage.py runserver_plus 0.0.0.0:8000

  3. I followed the instructions for the first tutorial: Tutorial: Color Changer

    I put the JavaScript code into my django project (with inclusion of Clients/JavaScript.js).

Problem

When i open the page, i get this error:

Unsafe JavaScript attempt to access frame with URL http://2.ape.local.ape-project.org:6969/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22127.0.0.1%22,%22scripts%22:[%22http://local.ape-project.org:8100/static/ape-jsf/Source/mootools-core.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/APE.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Events.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Core.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/Pipe.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeProxy.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeMulti.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Pipe/PipeSingle.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.Stack.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Request/Request.CycledStack.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.longPolling.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.SSE.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.XHRStreaming.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Transport/Transport.JSONP.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/Utility.js%22,%22http://local.ape-project.org:8100/static/ape-jsf/Source/Core/JSON.js%22]}}]
from frame with URL http://127.0.0.1:8000/mydjangoapp/somepage/. Domains, protocols and ports must match.

I understand that there is a security issue with different domains and ports.

But how is this supposed to work?

Reply all
Reply to author
Forward
0 new messages