Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SEC7117 Error when trying to load a javascript file in MS Edge

Tags:

I'm getting this error when trying to load a javascript file from another server when using microsoft edge. I have a feeling it's related to the server being http instead of https, but I'm not sure. It works in IE (after allowing unsecured content), but I can't find an option in Edge to allow unsecured content.

This is the error I'm receiving:

SEC7117: Network request to http://servername/whatever.js did not succeed. This Internet Explorer instance does not have the following capabilities: privateNetworkClientServer 

Thanks in advance for your help!

like image 693
Kirbos Avatar asked Aug 06 '15 15:08

Kirbos


People also ask

How do I enable JavaScript in Microsoft Edge?

Click the wrench icon on the toolbar. Click Options > Under the Hood. In the Privacy section, click Content settings. Scroll to the JavaScript section and click Allow all sites to run JavaScript (recommended).

Does Microsoft Edge support JavaScript?

Microsoft Edge does support JavaScript. If you are using Edge Chromium, access the website, click the lock icon on the upper-left > select site permissions > JavaScript > Allow.

How do I open an HTTP site in Edge?

Microsoft EdgeOpen the Control Panel. Click or double-click the Internet Options icon. In the Internet Properties window, click the Security tab. Select the Trusted sites entry and click the Sites button.

What is an edge error?

It is a fake error message and users are suggested not to contact the number displayed in the error message. If you receive this error message while opening Microsoft Edge or while surfing the internet by using Microsoft Edge, try the fixes described in this article.

How to enable JavaScript in Microsoft Edge Windows 7?

Windows 7 users who wish to turn on JavaScript in Microsoft Edge, can do so in just a few easy steps: Start your Microsoft Edge browser. Click on the three-dot icon in the upper right corner of the screen to access the Menu tab. Now, select the “Settings” item on the Menu interface to access the Settings section.

How to allow or block JavaScript in Microsoft Edge on Mac?

Find the item labeled “Cookies and site permissions” in the left-hand Settings list, and then select it. Under Site Permissions, select the “JavaScript” section. On the JavaScript menu, locate the button beside “Allow (recommended)” and toggle it so that it turns blue. Refresh your Mac Microsoft Edge to apply settings.

Why can't I load a private/local secured SSL page in edge?

It turns out Edge fails to load a private/local secured SSL page (iframe) when in-conjunction of loading a public secured page. Both sites are secured using public SSL certificates to prevent mixed content issues.

What happens if you turn off JavaScript in Microsoft Edge?

Today, modern web browsers like Microsoft Edge have JavaScript enabled by default, allowing users to enjoy consistent interactive experiences on web pages. With JavaScript turned off, Edge users will be unable to view or experience dynamic features on the internet.


2 Answers

It may have something to do with mixing the Internet/Intranet Zones rather than the http/https.

See here: Understanding Enhanced Protected Mode

Private Network resources

Because EPM does not declare the privateNetworkClientServer capability, your Intranet resources are protected from many types of cross-zone attacks (usually called “Cross-Site-Request-Forgery (CSRF)” and “Intranet Port Scanning.”) Internet pages are not able to frame Intranet pages, load images or resources from them, send them CORS XHR requests, etc.

I know that this is an old post, but the info still seems to be relevant since Microsoft MSDN site still references it with regards to IE11 (e.g. here: Enhanced Protected Mode on desktop IE). I also know that IE11 is not Edge, but this info might apply to metro-style apps as well.

[UPDATE]

In my setup Edge failed to load my page in an iframe. When I tried loading the page in a separate Edge tab, it loaded just fine.

It turns out Edge fails to load a private/local secured SSL page (iframe) when in-conjunction of loading a public secured page. Both sites are secured using public SSL certificates to prevent mixed content issues. The issue is that Edge security detects that the iframe site is located on the users local network (private/domain network) and prevents the page from loading in an iframe. Edge reports the following security errors in developer console:

SEC7117: Network request to https://my.company.com/default.html did not succeed. This Internet Explorer instance does not have the following capabilities: privateNetworkClientServer
SEC7111: HTTPS security is compromised by ms-appx-web://microsoft.microsoftedge/assets/errorpages/dnserror.html

To resolve the issue we moved the internal site to a non-local address space (a private network space using a different subnet from the local network) so that Edge detects the site as public network. Alternatively you could move the resources to a true public address.

like image 85
beluga Avatar answered Oct 18 '22 13:10

beluga


Here are two alternatives to restructuring your network:

  1. You may consider adding the externally hosted site to your "Local intranet" zone.

E.g. If external.somedomain contains reference to internal.mydomain/whatever.js then add external.somedomain to "Local intranet" zone in "Internet Options".

  1. If possible change the hostname of the externally hosted site to match your internally hosted site.

E.g. If external.somedomain contains reference to internal.mydomain/whatever.js then change external.somedomain hostname to external.mydomain.

Both of these options will essentially allow scripts on the external site to probe for HTTPS services on your internal network to some extent, which I assume is what this security feature is trying to prevent. The first option being the least secure as the second option is limited to probing matching domain names.

During testing, I noticed that Edge seems to get network details from Active Directory when Windows is domain joined. It's likely to prevent externally hosted sites linking to resources hosted anywhere within your AD domain, and not just the current subnet you are connected to. The one exception is if the externally hosted site shares the same base domain name. All this is apparently undocumented, which is why I'm posting this info here.

like image 36
Sam Hall Avatar answered Oct 18 '22 13:10

Sam Hall