As of Java 7u45, an applet will display a warning message (even if signed with a trusted cert) if a webpage tries to interact with it via JavaScript and that page isn't list
From Oracle:
Area: Deployment/Plugin
Synopsis: Caller-Allowable-Codebase may be ignored when used with Trusted-Library.
If a trusted, signed jar is using the Caller-Allowable-Codebase manifest attribute along with Trusted-Library then the Caller-Allowable-Codebase manifest entry will be ignored and, as a result, a JavaScript -> Java call will show the native LiveConnect warning. The workaround is to remove the Trusted-Library manifest entry.
http://www.oracle.com/technetwork/java/javase/7u45-relnotes-2016950.html
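
A pre-release check for the attribute combination described in the release note, as an added example that is not part of the original post or Oracle's text. It reads the main manifest section of a jar, joins wrapped continuation lines (a long Caller-Allowable-Codebase value is often split across lines), and flags jars that set both attributes. The function names, sample manifests and example.com hosts are constructed for illustration.

```python
import io
import zipfile


def parse_main_attributes(manifest_text):
    """Return the main-section attributes of a JAR manifest (names lowercased)."""
    attrs, key = {}, None
    for line in manifest_text.splitlines():
        if not line:
            break  # a blank line ends the main section
        if line.startswith(" ") and key:
            attrs[key] += line[1:]  # continuation of a value wrapped at 72 bytes
            continue
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()  # attribute names are case-insensitive
            attrs[key] = value.lstrip(" ")
    return attrs


def check_jar(jar_bytes):
    """Flag a jar that sets Caller-Allowable-Codebase together with Trusted-Library."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    attrs = parse_main_attributes(text)
    codebase = attrs.get("caller-allowable-codebase")
    trusted = attrs.get("trusted-library", "").strip().lower() == "true"
    return {"codebase": codebase, "trusted_library": trusted,
            "conflict": codebase is not None and trusted}


def build_sample_jar(manifest_text):
    """Build an in-memory jar holding only a manifest (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()


# Constructed manifests; the example.com hosts are placeholders.
WRAPPED = ("Manifest-Version: 1.0\r\n"
           "Caller-Allowable-Codebase: https://app.example.com https://static.exa\r\n"
           " mple.com\r\n"
           "Trusted-Library: true\r\n\r\n")
FIXED = WRAPPED.replace("Trusted-Library: true\r\n", "")  # workaround from the note

if __name__ == "__main__":
    for label, manifest in (("with Trusted-Library", WRAPPED), ("workaround applied", FIXED)):
        print(label, check_jar(build_sample_jar(manifest)))
```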