
As of Java 7u45, an applet will display a warning message (even if signed with a trusted cert) if a webpage tries to interact with it via JavaScript and that page isn't listed in the manifest's Caller-Allowable-Codebase attribute.

Release notes about this change: Update Release Notes: Java SE Development Kit 7, Update 45 (JDK 7u45)

Attribute description: JAR File Manifest Attributes for Security: Caller-Allowable-Codebase Attribute

I have tried just a wildcard (*), but I still get the warning.

Is there a way around this other than listing all codebases it may run at?

The reason this is a problem for me is that this applet runs on many different machines and networks, but always on intranets at various locations. This applet also needs to communicate with JavaScript because it talks to local USB scales and displays results and interacts with the page.

Andrew Thompson
manali

1 Answer


The wildcard should work, but there is a known issue: if you also have trusted-library: true in the manifest (which was the previous way to allow JavaScript to interact, up until 7u45), it may ignore the new Caller-Allowable-Codebase attribute.

If this still doesn't work, try clearing your Java cache in the Java Control Panel.

Chris R
  • Note there is a lot more discussion on this here: http://stackoverflow.com/questions/19393826/java-applet-manifest-allow-all-caller-allowable-codebase – Chris R Oct 21 '13 at 15:57
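
A manifest check for the combination discussed in the answer above, as an added example (not code from the question, the answer or the JDK): it reads `META-INF/MANIFEST.MF` from a JAR and reports a bare `*` in Caller-Allowable-Codebase, which lets JavaScript from any codebase call the applet, and a Trusted-Library: true entry sitting beside it. The function names, finding labels and sample manifest are constructed for illustration.

```python
import io
import zipfile

def main_attributes(manifest_text):
    """Parse the main section of a MANIFEST.MF; names are case-insensitive."""
    attrs, last = {}, None
    for line in manifest_text.splitlines():
        if line == "":
            break  # the first blank line ends the main section
        if line.startswith(" ") and last:
            attrs[last] += line[1:]  # continuation of a value wrapped at 72 bytes
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            attrs[last] = value.lstrip(" ")
    return attrs

def audit_jar(jar_bytes):
    """Return (attributes, findings) for the JAR's main manifest section."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    attrs = main_attributes(text)
    findings = []
    cac = attrs.get("caller-allowable-codebase")
    if cac is None:
        findings.append("missing-caller-allowable-codebase")
    elif "*" in cac.split():  # the value is a space-separated list of codebases
        findings.append("wildcard-caller-allowable-codebase")
    # Combination the answer reports as causing the new attribute to be ignored.
    if cac is not None and attrs.get("trusted-library", "").lower() == "true":
        findings.append("trusted-library-with-caller-allowable-codebase")
    return attrs, findings

def build_sample_jar(manifest_text):
    """Build an in-memory JAR holding only a manifest (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()

# Constructed sample manifest, not taken from a real applet.
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\r\n"
    "Trusted-Library: true\r\n"
    "Caller-Allowable-Codebase: *\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for finding in audit_jar(build_sample_jar(SAMPLE_MANIFEST))[1]:
        print(finding)
```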