We integrated QV10 AjaxZfc to our web application simply by creating a web page that contains an iframe, which links to AjaxZfc's opendoc.htm.
This works just fine if we deploy the AjaxZfc and the web app under the same IIS web site. However, if the AjaxZfc stuff and the web application are deployed on different servers or web sites, the trouble begins.
The QvAjax.js contains some statements that access window.parent.Qva. From browser's point of view, the window object and window.parent object originate from different domains, which means that browsers consider accessing the window.parent.Qva object as an attempt to do cross-site scripting and an exception gets thrown and nothing works. There is no try-catch block in the script.
FireFox 3.6.13 and IE9 are secure enough to catch this, but Safari 5 and IE8 load the report without any problems.
We are just about to begin our integration project, and I luckily came past your post.
I thought this may be an issue, but luckily we have the option of deploying both under the same IIS site. Can you confirm that this does work correctly?
Another option we may look into is to implement a UFRAME as opposed to an IFrame. Herewith a link to the project
I hope this helps, and please update this post if you find a solution.
Have you found an acceptable resolution to this?
If you are referring to the issue where you cannot host the Qlikview document in an iFrame, you basically only have one option due to actual browser restrictions (Cross Site Scripting). That solution is to host your integration web site and the Qlikview Web Server under the same IIS site. We have done that, and that has solved the issue with cross site scripting.
I have received a response back from QlikTech support regarding this issue. They have confirmed that this is a bug in the AJAX library that was shipped in SR1 and are working on a patch for it. They have not committed to a resolution date, or whether the fix will be in the next service release, but I assume that it will be.
This is a frequent problem that AJAX applications make cross-site requests. The usual solution is to deploy a web proxy in the server where the QV page is, proxy-ing the content of the other web server.
There are plenty of proxy solutions for IIS, for Apache etc