Issue with IE security on page opened from javascript

Question

I have a Java web application running in JBOSS with Tomcat with two web applications (contexts) running on it.

A button press on one of the applications opens runs a javascript command to open a new window with a page from the other.

The problem I seem to be having is that this raises a security alert in IE. with the following message:

I can't really ask my customer to add an exception to "http://" what are the likely causes for it not picking up the site?

The browser is correctly pointed at the full url for the page (Ie www.something.net:8080/blah/somepage.jsp) the browser is IE7 with enhanced security running on windows 2003.

Answer 1

IE Enhanced Security Configuration is deliberately designed to prevent general purpose browsing from servers. Folks who want to do workstation-style browsing and just happen to be on a server SKU should disable ESC.

What's the exactly line of code? window.open("http://fullURL", etc), or something like var v=window.open("about:blank"); v.location.href=etc ?

Answer 2

You need to uninstall "Explorer Enhanced Security", which is on by default in Windows Servers, before IE will act like a normal browser. :)

Workstations shouldn't get this problem.

Answer 3

Do the two applications have different domains? IE is preventing the cross-site scripting.

Can you not just have a link to the other site?

EDIT: If this is on Windows Server 2003, then the only way that I've managed to get around it is to disable to enhanced browser security. If this is the case, then you shouldn't really be browsing from a server in the first place.

Edit2:I'm guessing that it is the enhanced browser security that is doing this.
Check out this link: http://support.microsoft.com/kb/815141 on info about it. Your choices are to either to disable it, add an exception for that site, or use another browser.