Page 1 of 1

Java 1.7.0_25 issues

PostPosted: Wed Oct 16, 2013 10:55 am
by justinfalk
Hi Phil,

Any chance we can get an update to support 1.7.0_25+? I think it would be as simple as adding "Caller-Allowable-Codebase: *" to the manifest.



JRE 1.7.0_25 release notes:

LiveConnect calls from JavaScript to Java API are blocked when the Java Control Panel security slider is set to Very High level, or when the slider is at the default High level and the JRE has either expired or is below the security baseline.

JRE 1.7.0_25 is now below the security baseline which is why this problem suddenly popped up for users who were happily using this version previously. 1.7.0_45 was released today.

JRE 1.7.0_45 release notes:

JavaScript to Java calls will be allowed without any security dialog prompt only if:

JAR is signed by a trusted CA, has the Caller-Allowable-Codebase manifest entry and JavaScript runs on the domain that matches it.
JAR is unsigned and JavaScript calls happens from the same domain as the JAR location.