How do I prevent pop-up blocker from firing within a ASP.NET 4.5 application
How do I prevent pop-up blocker from firing within a ASP.NET 4.5 application?
If popups are not initiated from users actions, if a user clicks a button then an ajax call is initiated then a popup is displayed. The ajax call is forcing the browser to think the user didn't directly cause an action to open the popup thus becomes blocked.
Is there some kind of global setting or trickery I can put in the web.config, basically saying don't fire the pop up blocker within this application? For Chrome and other browsers.
If popups are not initiated from users actions, if a user clicks a button then an ajax call is initiated then a popup is displayed. The ajax call is forcing the browser to think the user didn't directly cause an action to open the popup thus becomes blocked.
Is there some kind of global setting or trickery I can put in the web.config, basically saying don't fire the pop up blocker within this application? For Chrome and other browsers.
Dave Baldwin
Nope, the browsers never see 'web.config'. That is only used on the server, not the client.
ASKER
Is there some kind of global setting or trickery I can put anywhere in the ASP.NET application that tells the browsers, "don't fire the pop up blocker within this application" ? For Chrome and other browsers?
No. I'm sure they would have blocked any method like that already. Because popups have been used for malicious purposes so many times, you just need to find a method that does not trigger the popup blocker.
ASKER
But I have to open a window when I save because I need to call a webservice after the save button is clicked. There's got to be a way around this limitation "The ajax call is forcing the browser to think the user didn't directly cause an action to open the popup thus becomes blocked."
Savewidget: function () {
var widgetDataString = JSON.stringify(_widget);
var widgetDeliveryDataString = JSON.stringify(_widgetDelivery);
var widgetId = (typeof (window.parent._widgetObject) == "undefined") ? null : window.parent._widgetObject.widgetId;
$.ajax({
async: false, type: "POST", url: "/WebService/widget.asmx/ModifywidgetDelivery", contentType: "application/json; charset=utf-8", dataType: "json",
timeout: (61 * 1000), //timeOut = 61 seconds
processData: true,
data: "{ \"widgetData\" : " + JSON.stringify(widgetDataString) + "," +
"\"widgetDeliveryData\" : " + JSON.stringify(widgetDeliveryDataString) + "," +
"\"widgetId\" : " + JSON.stringify(widgetId) + "}",
success: function (msg) {
var widgetOutId = msg.d
var displayMessage = "Saved widget";
$("#closewidgetNewModal", window.parent.document).trigger("click");
window.parent.Utility.FloatingMessage.Show(displayMessage);
window.open("/widget.aspx?e=1&widgetid=0&widgetOutId=" + widgetId + "&companyid=" + _widget.companyId, "_blank", null);
}, error: function (msg, textStatus, errorThrown) {
alert("Error Saving widget");
$("#modalOverlayLoading").remove();
Utility.Browser.ApplyWatermark();//Reapply any watermarks (nonHTML5 support)
}
});
}
I have never heard of "a way around this limitation". You should click on "Request Attention" above, maybe someone else can help you.
As the @Dave Baldwin has stated, there's no way to force a browser to "accept" that your window should be opened. Not only is this considered rude... it's a risky security hole that was ruthlessly exploited before this feature was put in place.
In my opinion your best bet would be to either:
1. Load the returning content/message into a div with a clickable link for the user to launch the widget manually.
- This strategy *should* avoid the security issue.
- You're basically doing this with your "Saved widget" message already; you could...
--> Update the message to include a link (or make the whole modal clickable).
--> Create a click handler and move the window.open() code there.
2. Let the user know that pop-ups are required for your site to work properly and ask them to be enabled for your site.
- Most users, unless they are loyal users won't appreciate this strategy because some will find it difficult to do.
You should probably consider redesigning the UI of your site so that pop up windows are not required; you'll have less headaches when it comes to situations like this and your users will thank you. If it's not something you think you're able to do you may want to consider engaging a decent UI designer to point you in the right direction. I'm not saying this to be a snob; design is *NOT* one of my strengths so I have to consult with designers all the time.
In my opinion your best bet would be to either:
1. Load the returning content/message into a div with a clickable link for the user to launch the widget manually.
- This strategy *should* avoid the security issue.
- You're basically doing this with your "Saved widget" message already; you could...
--> Update the message to include a link (or make the whole modal clickable).
--> Create a click handler and move the window.open() code there.
2. Let the user know that pop-ups are required for your site to work properly and ask them to be enabled for your site.
- Most users, unless they are loyal users won't appreciate this strategy because some will find it difficult to do.
You should probably consider redesigning the UI of your site so that pop up windows are not required; you'll have less headaches when it comes to situations like this and your users will thank you. If it's not something you think you're able to do you may want to consider engaging a decent UI designer to point you in the right direction. I'm not saying this to be a snob; design is *NOT* one of my strengths so I have to consult with designers all the time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Glad you were able to find a workaround. Sometimes the simplest changes are the best. :)
I'll warn you that I wouldn't assume this will always be possible... it's not clear from your snippet but I'm guessing that your code is initiated by a user click on screen.
- If that's the case then yes, this will probably work for the reasonable future.
- If that's not the case then your workaround is a security hole that will probably be patched... and hopefully very, very soon.
For the benefit of the Moderator, I do *NOT* have a problem with you not awarding points.
I'll warn you that I wouldn't assume this will always be possible... it's not clear from your snippet but I'm guessing that your code is initiated by a user click on screen.
- If that's the case then yes, this will probably work for the reasonable future.
- If that's not the case then your workaround is a security hole that will probably be patched... and hopefully very, very soon.
For the benefit of the Moderator, I do *NOT* have a problem with you not awarding points.
That is a very clever solution to that problem. The 'window.open' is a result of the user's action that way.
ASKER
The chain of user direct action remains intact and the pop up blocker is never triggered