window.opener.location – access denied

Let’s have a look at my programming duties today. The plot goes like this: There is a Web Dynpro within Enterprise Portal (I don’t know proper English fairy tale style, but this sentence feels similar to ‘In a dark, filthy cave lived a horryfying twelve-headed fire-spitting dragon’). This web dynpro opens external window with a JSPDynPage portal component.

Amongst other functionality there is a button, which switches application on the opening window. Since it’s a webdynpro in a portal, we need to use window.opener.top.location, as webdynpro is within a frame (or iframe). First time in works. Second time, Internet Explorer yields Access Denied.

You think: Common cross-site scripting issue. But we only do window.location.href="/irj/portal?NavigationTarget=ROLES://...", so no server is changed. The new component sits at same server as well. And it worked for the first time! Window opener still exists, but any access to it returns Access Denied. And the cause is, that we didn’t change window.opener, we changed window.opener.top, and thus window.opener is no longer valid. Once you realize that, the solution is pretty straightforward:

this.windowopenertop = window.opener.top;
this.windowopenertop.location.href=role1url;

and then later

this.windowopernetop.location.href=role2url;

…and the dragon lived happy ever after (though the user can choose to see another dragon at same location).

*Name
*Mail
Website
Comment