0

I have setup FineUploader 4.0.3 and it's working wonderfully in all browsers except IE8/IE9.

The return message I'm getting is:

https://www.dropbox.com/s/t367y3zx3z2n9to/Screenshot%202013-11-05%2018.26.17.png

'Error when attempting to access iframe during handling of upload response (Access is denied.)"

Currently my server-side code is returning a response like so:

$output = array('success' => true, 'msg' => $msg, 'filename' => $filename);

header('Content-type: text/plain');
echo htmlspecialchars(json_encode($output), ENT_NOQUOTES);

Any assistance would be greatly appreciated.

Adding in updated JS and PHP below

    header('Access-Control-Allow-Origin: *');
    header('Access-Control-Allow-Headers: origin, x-requested-with, content-type, cache-control');
    header("Content-Type: text/html");
    $output = array('success' => true, 'msg' => $msg, 'uuid' => $uuid);
    $json = json_encode($output);
    echo "$json<script src=\"http://jd.loc/iframe.xss.response.js\"></script>";

JS:

                debug: true,
                uploaderType: 'basic',
                button: $chooseFileBtn,
                multiple: false,
                request: {
                    endpoint: 'file/upload'
                },
                validation: {
                    allowedExtensions: ['jpeg', 'jpg', 'gif', 'png'],
                    sizeLimit: 2 * (1024 * 1024), // 2 MB
                    itemLimit: 1
                },

Please note I've also tried it using:

                cors: {
                    expected: true
                },

Didn't seem to make a difference. Thank you!

Also adding in the exact response from the server:

{"success":true,"msg":{"time":1383755346,"hash":"86dd782965cb25d4be96ccce11ae4b63","type":"image/jpg","size":40207},"uuid":"62031b35-c596-4fbe-9d11-16f50b0a8a8e"}

user783622
  • 1
  • 1
  • Is there any more information you can give? – Dave Alperovich Nov 06 '13 at 00:53
  • 1
    Looks like you haven't seen the CORS documentation for Fine Uploader. Have a look at http://blog.fineuploader.com/2013/01/31/cors-support-in-3-3/. Also, see this question: http://stackoverflow.com/questions/19555206/no-vaild-message-received-from-loaded-iframe-for-iframe. – Ray Nicholus Nov 06 '13 at 03:22
  • Ok getting much closer I think, here is a link to the output in console (it's puking on the opening script tag I think): https://www.dropbox.com/s/wj7j691b2ye194j/Screenshot%202013-11-06%2010.21.27.png (will edit above message with my php and js as well – user783622 Nov 06 '13 at 16:21
  • Here is the latest console.trace from IE9: https://www.dropbox.com/s/e5b4u24vgs0yi7p/Screenshot%202013-11-06%2012.14.41.png (the others were from Chrome) – user783622 Nov 06 '13 at 18:15
  • If there is a traditional server example of the back-end PHP code that works in IE8/9 I could try that out as well. The only one I saw was the S3 example, thank you! – user783622 Nov 06 '13 at 19:10

1 Answers1

0

This seems to be working:

    $output = array('success' => true, 'msg' => $msg, 'filename' => $filename, 'uuid' => $uuid);

    header("Content-Type: text/html");

    $data = json_encode($output);
    echo $data;
user783622
  • 1
  • 1