How do I prevent pop-up blocker from firing within a ASP.NET 4.5 application

How do I prevent pop-up blocker from firing within a ASP.NET 4.5 application?

If popups are not initiated from users actions, if a user clicks a button then an ajax call is initiated then a popup is displayed.  The ajax call is forcing the browser to think the user didn't directly cause an action to open the popup thus becomes blocked.

Is there some kind of global setting or trickery I can put in the web.config, basically saying don't fire the pop up blocker within this application? For Chrome and other browsers.
Paul MaurielloSoftware Programmer Developer Analyst EngineerAsked:
Who is Participating?
 
Paul MaurielloSoftware Programmer Developer Analyst EngineerAuthor Commented:
Thank you for your input, the BA dept has a very specific user design in mind when they spec out the UI. I try to do my best to comply. I did figure out how to bypass the popup blocker on all browsers.

If I insert the below line of code prior to the ajax call

var _myPopup = window.open("", "_blank", null);

Then this line of code in the success of the ajax call

_myPopup.location ="/widget.aspx?e=1&widgetid=0&widgetOutId=" + widgetId + "&companyid=" + _widget.companyId


The chain of user direct action remains intact and the pop up blocker is never triggered
0
 
Dave BaldwinFixer of ProblemsCommented:
Nope, the browsers never see 'web.config'.  That is only used on the server, not the client.
0
 
Paul MaurielloSoftware Programmer Developer Analyst EngineerAuthor Commented:
Is there some kind of global setting or trickery I can put anywhere in the ASP.NET application that tells the browsers, "don't fire the pop up blocker within this application" ? For Chrome and other browsers?
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Dave BaldwinFixer of ProblemsCommented:
No.  I'm sure they would have blocked any method like that already.  Because popups have been used for malicious purposes so many times, you just need to find a method that does not trigger the popup blocker.
0
 
Paul MaurielloSoftware Programmer Developer Analyst EngineerAuthor Commented:
But I have to open a window when I save because I need to call a webservice after the save button is clicked. There's got to be a way around this limitation "The ajax call is forcing the browser to think the user didn't directly cause an action to open the popup thus becomes blocked."



            Savewidget: function () {
                var widgetDataString = JSON.stringify(_widget);
                var widgetDeliveryDataString = JSON.stringify(_widgetDelivery);
                var widgetId = (typeof (window.parent._widgetObject) == "undefined") ? null : window.parent._widgetObject.widgetId;

                $.ajax({
                    async: false, type: "POST", url: "/WebService/widget.asmx/ModifywidgetDelivery", contentType: "application/json; charset=utf-8", dataType: "json",
                    timeout: (61 * 1000), //timeOut = 61 seconds
                    processData: true,
                    data: "{ \"widgetData\" : " + JSON.stringify(widgetDataString) + "," +
                            "\"widgetDeliveryData\" : " + JSON.stringify(widgetDeliveryDataString) + "," +
                            "\"widgetId\" : " + JSON.stringify(widgetId) + "}",
                    success: function (msg) {
                        var widgetOutId = msg.d
                        var displayMessage = "Saved widget";
                        $("#closewidgetNewModal", window.parent.document).trigger("click");
                        window.parent.Utility.FloatingMessage.Show(displayMessage);
                        window.open("/widget.aspx?e=1&widgetid=0&widgetOutId=" + widgetId + "&companyid=" + _widget.companyId, "_blank", null);
                    }, error: function (msg, textStatus, errorThrown) {
                        alert("Error Saving widget");
                        $("#modalOverlayLoading").remove();
                        Utility.Browser.ApplyWatermark();//Reapply any watermarks (nonHTML5 support)
                    }
                });
            }

Open in new window

0
 
Dave BaldwinFixer of ProblemsCommented:
I have never heard of "a way around this limitation".  You should click on "Request Attention" above, maybe someone else can help you.
0
 
Kelvin McDanielSr. Developer/ConsultantCommented:
As the @Dave Baldwin has stated, there's no way to force a browser to "accept" that your window should be opened. Not only is this considered rude... it's a risky security hole that was ruthlessly exploited before this feature was put in place.

In my opinion your best bet would be to either:
1. Load the returning content/message into a div with a clickable link for the user to launch the widget manually.
    - This strategy *should* avoid the security issue.
    - You're basically doing this with your "Saved widget" message already; you could...
        --> Update the message to include a link (or make the whole modal clickable).
        --> Create a click handler and move the window.open() code there.

2. Let the user know that pop-ups are required for your site to work properly and ask them to be enabled for your site.
    - Most users, unless they are loyal users won't appreciate this strategy because some will find it difficult to do.

You should probably consider redesigning the UI of your site so that pop up windows are not required; you'll have less headaches when it comes to situations like this and your users will thank you. If it's not something you think you're able to do you may want to consider engaging a decent UI designer to point you in the right direction. I'm not saying this to be a snob; design is *NOT* one of my strengths so I have to consult with designers all the time.
0
 
Kelvin McDanielSr. Developer/ConsultantCommented:
Glad you were able to find a workaround. Sometimes the simplest changes are the best. :)

I'll warn you that I wouldn't assume this will always be possible... it's not clear from your snippet but I'm guessing that your code is initiated by a user click on screen.
 - If that's the case then yes, this will probably work for the reasonable future.
 - If that's not the case then your workaround is a security hole that will probably be patched... and hopefully very, very soon.

For the benefit of the Moderator, I do *NOT* have a problem with you not awarding points.
0
 
Dave BaldwinFixer of ProblemsCommented:
That is a very clever solution to that problem.  The 'window.open' is a result of the user's action that way.
0
 
Paul MaurielloSoftware Programmer Developer Analyst EngineerAuthor Commented:
The chain of user direct action remains intact and the pop up blocker is never triggered
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.