6 Replies Latest reply on Sep 6, 2014 9:31 AM by basteed

    Web Viewer in WebDirect display blank with custom URL's

    basteed

      Summary

      Web Viewer in WebDirect display blank with custom URL's

      Product

      FileMaker Server

      Version

      13.0v4

      Operating system version

      10.9.4

      Description of the issue

      I am unable to view content in a Web Viewer from many URL's and cannot work out why.

      Safari and Chrome show blank Web Viewers, while IE(10) gives a clue to the problem by saying 'the publisher of this content does not allow it to be displayed in a frame' - could this then be related to FMS's Web Server Content Security Policy or X-Frame-Options? Is there a whitelist of domains you do not publish?

      Tested with one specifically crafted URL containing plain text only - no Javascript - content still didn't display in a Web Viewer.

      Steps to reproduce the problem

      URL's which DO display correctly in all 3 browsers:-

      http://www.apple.com/retail/
      http://store.filemaker.com/
      http://bing.com/maps (lots of JS)
      http://international.nytimes.com/
      http://www.metoffice.gov.uk/
      http://www.keplanning.com/ (my wife's business!)

      URL's which DO NOT - non-exhaustive list! All show blank Web Viewer in Safari, Chrome and message/link in IE.

      http://www.amazon.com/
      http://stackoverflow.com/
      http://www.ebay.com/
      http://www.britishairways.com/travel/home/public/en_gb
      http://hello--world.herokuapp.com/

      This last one I designed specifically to test the issue. It's entire html is 'Hello World', no JS, no tags even! Can't see any reason why this one shouldn't work. Attached file shows the same web viewer for this URL opened in FileMaker Pro (13) and in Chrome via WebDirect (blank).

      Expected result

      URL's should display correctly in Web Viewer in WebDirect.

      Actual result

      Blank Web Viewers in Safari, Chrome

      In IE, Web Viewer has Message and link to 'Open this content in a new window' - URL can then successfully be opened in a new window via the link

      Exact text of any error message(s) that appear

      Nothing in Web Viewer in Safari, Chrome.

      In IE:

      This content cannot be displayed in a frame
      ____________________________________________
      To help protect the security of information you enter into this website, the publisher of this content does not allow it to be displayed in a frame

      What you can try:

      • Open this content in a new window

      Configuration information

      Did NOT specify secure connection requirement in FMS, but got similar results with https.

      FMS is locally hosted on my Mac, but got similar results with 3rd party hosted service (https).

      Given 'hello world' URL results I presume the issue cannot be related to JS or any other content and can only guess it is domain-related.

      Workaround

      None I can find, have had to resort to Data URI's instead - which don't of course work in IE..

      same_web_viewer_in_FMP_and_webdirect.png

        • 1. Re: Web Viewer in WebDirect display blank with custom URL's
          TSGal

          Bruce Steedman:

          Thank you for your posts.

          As it says in the WebDirect Guide, some web pages may not load correctly in a Web Viewer, and you should test all webpages you intend to display.  For more design considerations of Web Veiwers, see page 39 at:

          https://fmhelp.filemaker.com/docs/13/en/fm13_webdirect_guide.pdf

          (On a side note, another common web page that will not display in Web Direct is www.google.com.)

          TSGal
          FileMaker, Inc.

          • 2. Re: Web Viewer in WebDirect display blank with custom URL's
            basteed

            Thanks for your quick response TSGal.

            I have read the manual and noted the caveat you have highlighted. However, I am really after a little more explanation as to why some pages load and some do not in WebDirect. This would certainly help me with my application design and I'm sure the FM community at large would benefit from a little more detail here too. In particular, if there is no way of evaluating in advance which pages may work and which may not, the value of the proposition is somewhat diminished.

            I noted your response on a Web viewers with WebDirect and HTTPS and the author of that issue report made a similar point; it is OK saying such and such a feature may not work - but much more helpful to provide some guidance as to why. I went to the effort of setting up a test site on Heroku with text content only and expected this to present no difficulty to WebDirect - as there would be no issues with Javascript, security certificates (no SSL) etc. As it did not, I can only assume that the Web Server either blocks certain domains (or perhaps FMS has a whitelist?) - I'd be grateful for confirmation or otherwise of this. Alternatively does the page need a certain type of encoding specified perhaps? If so I can easily add this to my Heroku site - if I know what is required. If this information is published, FM developers will also be able to check 3rd party sites in advance for FM WebDirect compatibility, greatly improving it's usability.

            I'd rather not spend more time trying to figure this out myself and would very much appreciate some more info on how the Web Server decides what pages it can publish in a Web Viewer and which it cannot. For example, on point one of page 39 of the WebDirect guide (quoted below) are you able to provide some examples? My test site has no such security features, to my knowledge, so again I am still searching for an explanation. I'd very much like to know why even my text-only page at the herokuapp.com domain is blocked in WebDirect.

            • Some webpages may not load correctly because of security features implemented by the pages’ authors
             
            Many thanks
             
            Bruce
            • 3. Re: Web Viewer in WebDirect display blank with custom URL's
              TSGal

              Bruce Steedman:

              A Web Viewer is not a browser.  FileMaker Pro is making calls to the OS webkit (modeled after Safari under Mac OS X and Internet Explorer under Windows), and that information is then displayed in the Web Viewer.

              When using Web Direct, FileMaker Pro converts the layout and objects (including Web Viewer) into HTML so the browser can interpret it.

              If there are security features in place (notably https web sites), then the web pages may not load.  FileMaker will not try to work around those security features put in place by the authors of those web sites.  With Google, this uses iFrames, so instead use the frame http://www.google.com/custom

              TSGal
              FileMaker, Inc.

              • 4. Re: Web Viewer in WebDirect display blank with custom URL's
                basteed

                TSGal

                Understood, but a Web Viewer certainly behaves like a browser in that it's purpose is to render content from web pagers, which as you say, is itself then interpreted by Web Direct as HTML in the client's browser. As the documentation states, this behaviour cannot be guaranteed and all I am asking for is a little more information on what circumstances can lead to this. I can quite understand why some security features in some sites - in particular under https - can cause web pages to not load in a Web Viewer - which is an iFrame or similar itself I guess. This still doesn't explain why I can't view a plain text web page through a non SSL connection to a third party domain with no security features enabled.

                I have tried the google.com/custom page and it does indeed load properly in Web Direct. I have now cloned the HTML from this URL into my hello world site and it still does not load in a Web Viewer via Web Direct. This must surely then be an issue with the FMS web server's own security features - or if not can you please explain what the issue with this particular site is?

                Many thanks

                Bruce

                • 5. Re: Web Viewer in WebDirect display blank with custom URL's
                  TSGal

                  Bruce Steedman:

                  I don't know what was in  your "Hello World" HTML, but I just created a sample file that displays "Hello World", and it displays fine in a Web Viewer and in Web Direct.  Here is the minimal code I used:

                  <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN">
                  <HTML>
                     <HEAD>
                     <TITLE>
                        Hello World
                     </TITLE>
                     <BODY>
                        <P>Hello World</P>
                     </BODY>
                  </HTML>

                  -----

                  You mentioned "plain text".  Was this just a text file?  If so, do other text files display in WebDirect?  The lack of HTML code from the Web Viewer is not picked up by WebDirect.

                  An iframe is not a security issue.  It is an inline frame that is used to embed another document within the current HTML document.

                  TSGal
                  FileMaker, Inc.

                  • 6. Re: Web Viewer in WebDirect display blank with custom URL's
                    basteed

                    Thanks for your quick response again TSGal, I only just saw it in my inbox now..

                    So, I am happy to report that I have resolved the issue. Here follows the detail for interested parties:-

                    Examining the response headers in Chrome I saw that there was a common pattern in the 5 sites I listed that did not work in a WebDirect Web Viewer - all had X-Frame-Options set to SAMEORIGIN - same goes for google.com. I understand that this is a common security setting many sites use to prevent cross site scripting attacks. In my Hello World app, this is apparently a default setting in the application framework I used (Ruby Sinatra) and after learning how to turn it off (here for any interested) the site worked perfectly in all 3 browsers in a Web Viewer in WebDirect.

                    Learnings here appears to be look for X-Frame-Options setting in the response headers of any pages you want to show to WebDirect clients - if enabled the sites will not be viewable in an iFrame/Web Viewer, but can be opened in IE if you click on the link provided. Maybe this point could be added to the WebDirect documentation to help future users?

                    Best regards

                    Bruce