frame forwarding
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
frame forwarding
You do not have the required permissions to view the files attached to this post.
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: frame forwading
do you want to prevent it or allow it ?
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
Re: frame forwarding
I'd like to allow it but having configured everything properly in my opinion I'm getting this browser message (wording may varies depending on the used browser):
By clicking on "Open this content in a new window" I'll be forwarded to my destination.
Using another browser will also lead in getting just a complete blank page without any error messages.
Any advice concerning my question mentioned above?
By clicking on "Open this content in a new window" I'll be forwarded to my destination.
Using another browser will also lead in getting just a complete blank page without any error messages.
Any advice concerning my question mentioned above?
You do not have the required permissions to view the files attached to this post.
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
Re: frame forwarding
Unfortunately this problem is still unsolved for me. No one in this forum with an appropriate hint?
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: frame forwarding
I think it would be easier if we just ignored the DSM feature and you tell us exactly what you want to achieve with your QNAP.
The option you refer to in DSM prevents the DSM web UI to be embedded into an iFrame for enhanced security. It relies on the X-Frame-Options HTTP header https://www.owasp.org/index.php/OWASP_S ... roject#xfo
Whatever you did on QNAP to reproduce this behavior is working as expected. It's blocking the use of a frame to embed the UI. So I don't know what problem you're still having and needs solving.
Please spell out precisely what you want and don't make us guess. Thanks.
The option you refer to in DSM prevents the DSM web UI to be embedded into an iFrame for enhanced security. It relies on the X-Frame-Options HTTP header https://www.owasp.org/index.php/OWASP_S ... roject#xfo
Whatever you did on QNAP to reproduce this behavior is working as expected. It's blocking the use of a frame to embed the UI. So I don't know what problem you're still having and needs solving.
Please spell out precisely what you want and don't make us guess. Thanks.
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
Re: frame forwarding
Thanks for replying. I'd like to embed https://mynas.myqnapcloud.com in https://my.domain.com
So if I visit https://my.domain.com, I should be forwarded to https://mynas.myqnapcloud.com in the background but without a visible change of the url. That's what I'd call frame forwarding. Agreed on this so far? Or am I already wrong?
But obviously this seems to be impossible due to the error message mentioned above.
Btw: Normal forwarding with a visible change of the url works without any problems.
So if I visit https://my.domain.com, I should be forwarded to https://mynas.myqnapcloud.com in the background but without a visible change of the url. That's what I'd call frame forwarding. Agreed on this so far? Or am I already wrong?
But obviously this seems to be impossible due to the error message mentioned above.
This is what I want to do: So how could I achieve the desired behaviour when visiting https://my.domain.com? What do I have to do?Mousetick wrote:It relies on the X-Frame-Options HTTP header https://www.owasp.org/index.php/OWASP_S ... roject#xfo
Btw: Normal forwarding with a visible change of the url works without any problems.
You do not have the required permissions to view the files attached to this post.
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: frame forwarding
so you actually want to expose your qts interface? or some sort of station (photo .. video..etc)
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
Re: frame forwarding
Correct (and please no excursions on safety topics).
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: frame forwarding
Thanks for explaining, it's pretty clear now
Forgive me for not addressing your issue of "frame forwarding" directly, but I'd like to suggest another, simpler IMHO, approach.
Is 'my.domain.com' under your control, do you have control of the DNS settings for 'my.domain.com'? If you have, you can create a DNS alias (called a CNAME record) in the DNS settings of your domain name. The procedure to create such a record vary depending on DNS hosting providers, so I can't tell you exactly how to do it, but in a nutshell you need to create a DNS record like this:
Then you wait a few hours for the change to propagate through the Internet DNS servers, and you can access your qnap cloud by visiting https://my.domain.com.
That's actually what I'm doing with my own domain name and my qnap cloud domain name, and it works perfectly. The benefit is that there are zero changes on the NAS, so less chance of breakage with firmware updates and whatnot, and it doesn't use frames or any other HTML hack.
Beware that if you use HTTPS the server certificate you install on your NAS must be valid for my.domain.com, not mynas.myqnapcloud.com (or you can have a certificate valid for both domains if your certificate provider allows it).
If DNS configuration is not an option for you then we'll need to consider other options.
Forgive me for not addressing your issue of "frame forwarding" directly, but I'd like to suggest another, simpler IMHO, approach.
Is 'my.domain.com' under your control, do you have control of the DNS settings for 'my.domain.com'? If you have, you can create a DNS alias (called a CNAME record) in the DNS settings of your domain name. The procedure to create such a record vary depending on DNS hosting providers, so I can't tell you exactly how to do it, but in a nutshell you need to create a DNS record like this:
Code: Select all
my.domain.com. CNAME mynas.myqnapcloud.com.
That's actually what I'm doing with my own domain name and my qnap cloud domain name, and it works perfectly. The benefit is that there are zero changes on the NAS, so less chance of breakage with firmware updates and whatnot, and it doesn't use frames or any other HTML hack.
Beware that if you use HTTPS the server certificate you install on your NAS must be valid for my.domain.com, not mynas.myqnapcloud.com (or you can have a certificate valid for both domains if your certificate provider allows it).
If DNS configuration is not an option for you then we'll need to consider other options.
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: frame forwarding
I need to add that the DNS setup above works fine for me because I only use QNAP cloud for DDNS. If you use the other features of QNAP cloud (besides DDNS and UPNP firewall port-forwarding) things may not work as well...
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: frame forwarding
If Toxic17 or another forum mod is reading this, could you please move this thread to 'my QNAPcloud service' - thanks.
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
Re: frame forwarding
Yes, domain and DNS settings is under my control.Mousetick wrote:Is 'my.domain.com' under your control, do you have control of the DNS settings for 'my.domain.com'?
Already tried that out last week. It'll lead in getting the error message (or a complete blank page depending on the used browser) I've already mentioned above.Mousetick wrote:If you have, you can create a DNS alias (called a CNAME record) in the DNS settings of your domain name. The procedure to create such a record vary depending on DNS hosting providers, so I can't tell you exactly how to do it, but in a nutshell you need to create a DNS record like this:Code: Select all
my.domain.com. CNAME mynas.myqnapcloud.com.
I know. Got it.Mousetick wrote:Beware that if you use HTTPS the server certificate you install on your NAS must be valid for my.domain.com, not mynas.myqnapcloud.com (or you can have a certificate valid for both domains if your certificate provider allows it).
So what are the other options?Mousetick wrote:If DNS configuration is not an option for you then we'll need to consider other options.
I'm using only QNAP cloud for DDNS, too.Mousetick wrote:I need to add that the DNS setup above works fine for me because I only use QNAP cloud for DDNS. If you use the other features of QNAP cloud (besides DDNS and UPNP firewall port-forwarding) things may not work as well...
Last edited by hitman666 on Mon Jul 23, 2018 11:21 pm, edited 1 time in total.
- dolbyman
- Guru
- Posts: 35251
- Joined: Sat Feb 12, 2011 2:11 am
- Location: Vancouver BC , Canada
Re: frame forwarding
try it via reverse proxy (reverse proxy acting as a "local lan computer" forwarding requests to an external target)
otherwise .. qnap is constantly trying to fix cross site scripting vulnerabilities, so if you find a way to do it, that might not work after the next update
otherwise .. qnap is constantly trying to fix cross site scripting vulnerabilities, so if you find a way to do it, that might not work after the next update
-
- Experience counts
- Posts: 1081
- Joined: Thu Aug 24, 2017 10:28 pm
Re: frame forwarding
That doesn't make sense, and I don't believe you, as the QTS web UI doesn't care what hostname it is served at. You can use any hostname, as long as it resolves to the NAS IP address (or its NAT router IP address). Are you sure you used a DNS CNAME? Are you sure you didn't enable your DNS or hosting provider's "stealth forwarding" (aka "forwarding with masking") instead? Stealth forwarding is completely unrelated to DNS and does use frames instead: it would produce exactly the kind of results you got!hitman666 wrote:Yes, it is.Mousetick wrote:Is 'my.domain.com' under your control, do you have control of the DNS settings for 'my.domain.com'?Already tried that out last week. It'll lead in getting the error message (or a complete blank page depending on the used browser) I've already mentioned above.Mousetick wrote:If you have, you can create a DNS alias (called a CNAME record) in the DNS settings of your domain name. The procedure to create such a record vary depending on DNS hosting providers, so I can't tell you exactly how to do it, but in a nutshell you need to create a DNS record like this:Code: Select all
my.domain.com. CNAME mynas.myqnapcloud.com.
Another benefit of using DNS CNAME is that it can also work with other protocols, not just HTTP/S.
I was going to give you some pointers but on second thought I realized it would allow a hacker to weaken the security of the NAS. And you might be a hacker, I don't know. Sorry. Or you could set up a reverse HTTP proxy as dolbyman suggested above.hitman666 wrote:So what are the other options?Mousetick wrote:If DNS configuration is not an option for you then we'll need to consider other options.
You should be able to make the DNS CNAME work. To verify you configured correctly:
Code: Select all
nslookup my.domain.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
my.domain.com canonical name = mynas.myqnapcloud.com.
Name: mynas.myqnapcloud.com
Address: my.ip.v4.address
Name: mynas.myqnapcloud.com
Address: my:ip:v6:address
-
- Starting out
- Posts: 32
- Joined: Wed Oct 21, 2015 1:49 am
Re: frame forwarding
You're right, indeed. On the hosting provider's side it was enabled (called different by my provider). Disabling it did the trick.Mousetick wrote:Are you sure you didn't enable your DNS or hosting provider's "stealth forwarding" (aka "forwarding with masking") instead? Stealth forwarding is completely unrelated to DNS and does use frames instead: it would produce exactly the kind of results you got!
If I'd be a (good) hacker, I wouldn't ask questions like this. LOLMousetick wrote:I was going to give you some pointers but on second thought I realized it would allow a hacker to weaken the security of the NAS. And you might be a hacker, I don't know. Sorry.
Thanks anyway for your support!