can someone explain the cross domain security re AJAX in IE?


I have a page that calls a web service (WS) from another domain (the target
browser is only IE6) and displays its results! All works fine when the page
is run from my hdd, however when run from the web I get "Access denied" due
to the cross domain security (I assume).

So I set the browser setting to allow cross domain but this did not seem to
work, I got the same error!

Next I tried adding an "A" record to my domain for the WS, so I had
www.mydomain.com = IP of web server and added ws.mydomain.com = IP of the
server providing the WS. But I still got the same error even though they are
called using the same domain name!

So what does IE check to establish if it's cross domain before allowing the
call using XMLHttpRequest to a domain that is different from where the
calling page is hosted?

thanks
Aug 2 '06 #1
VK

Adrian wrote:
> So what does IE check to establish if it's cross domain before allowing the
> call using XMLHttpRequest to a domain that is different from where the
> calling page is hosted?

It checks if "from" and "to" domains are identical. Say even
foo.mydomain.com
and
bar.mydomain.com
are considered to be different.

The only exception it makes is for scripts run from the local pages
(loaded from your harddrive). No other exceptions, no options to
change. That is an obvious dead end for the technology, however
serious security considerations would be.

So currently many UA producers are testing different ways to relax
cross domain security while keeping it under some control. I suggest to
search for
"XMLHttpRequest cross domain security" at mozilla.org
and
"IXMLHTTPRequest cross domain security" at microsoft.com

Some solutions are only discussed but not yet implemented, some
implemented but only on the latest engines.

For the time being (if you decide to stay with AJAX) you'll have to use
one of server-side content grabbers like say
<http://www.geocities.com/schools_ring/stargates/>

Aug 2 '06 #2


Adrian wrote:

> I have a page that calls a web service (WS) from another domain (the target
> browser is only IE6) and displays its results! All works fine when the page
> is run from my hdd, however when run from the web I get "Access denied" due
> to the cross domain security (I assume).

You can put the host that should be allowed to call the web service in
the trusted zone and configure that zone to allow access to data sources
beyond domain boundaries.

--

Martin Honnen
http://JavaScript.FAQTs.com/
Aug 2 '06 #3
Thank you both, I know this is off topic for this group but can a signed
ActiveX make the cross domain call?

"Martin Honnen" <ma*******@yahoo.de> wrote in message
news:44***********************@newsread2.arcor-online.net...
> Adrian wrote:
>
>> I have a page that calls a web service (WS) from another domain (the
>> target browser is only IE6) and displays its results! All works fine
>> when the page is run from my hdd, however when run from the web I get
>> "Access denied" due to the cross domain security (I assume).
>
> You can put the host that should be allowed to call the web service in the
> trusted zone and configure that zone to allow access to data sources
> beyond domain boundaries.
>
> --
>
> Martin Honnen
> http://JavaScript.FAQTs.com/

Aug 3 '06 #4
VK
Adrian wrote:
> can a signed ActiveX make the cross domain call?

Presumably yes - if being signed by a recognized authority certificate:
so you can write a .wsh script or a C++ program for that.

You also can make a signed page for Gecko browsers to request for more
privileges. See
<www.mozilla.org/projects/security/components/signed-scripts.html>

It doesn't solve the problem universally (as a server-side content
grabber does) but can be sufficient for your current situation.

Overall the main current trend for all major browser producers
(including Microsoft, Mozilla and Mac) is in using Macromedia
Flash-like approach which was in turn first used in Microsoft Data
Binding techniques. Namely you create on the server a text file of a
fixed format and you list in this file all domains and subdomains
allowed to inter-communicate with each other. As I'm starving now on a
9,200 baud cell modem :-) I skip on linking all relevant documents from
microsoft.com and mozilla.org - but they are there for sure as I once
studied them. You may want to search for them independently.

Aug 4 '06 #5
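
The origin comparison described in #2 and the server-side policy file sketched in #5, as an added example that is not part of the thread. It is modelled on a Flash-style `crossdomain.xml`; the policy text, the host `partner.example`, all function names and the wildcard matching rule are assumptions made for illustration.

```javascript
// Added example. SAMPLE_POLICY and every host name in it are constructed sample data.
const SAMPLE_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.mydomain.com" />
  <allow-access-from domain="*.partner.example" />
</cross-domain-policy>`;

// Origin = scheme + host + port, so www.mydomain.com and ws.mydomain.com differ.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Collect the domain="..." value of each <allow-access-from> element.
// A regex is enough for this fixed format; use a real XML parser on untrusted files.
function allowedDomains(policyXml) {
  const re = /<allow-access-from\b[^>]*\bdomain\s*=\s*"([^"]*)"/gi;
  return [...policyXml.matchAll(re)].map(m => m[1].toLowerCase());
}

// Assumed matching rule: exact host, "*" for any host,
// "*.suffix" for subdomains of suffix (not the bare suffix itself).
function hostMatches(pattern, host) {
  if (pattern === '*') return true;
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// Decision the target server's policy implies for a page calling targetUrl.
function decide(pageUrl, targetUrl, policyXml) {
  if (sameOrigin(pageUrl, targetUrl)) return 'same-origin';
  const host = new URL(pageUrl).hostname.toLowerCase();
  return allowedDomains(policyXml).some(p => hostMatches(p, host))
    ? 'allowed-by-policy'
    : 'denied';
}

// Audit helper: entries that open the service to every site or a whole TLD.
function overlyBroad(policyXml) {
  return allowedDomains(policyXml).filter(p => p === '*' || /^\*\.[^.]+$/.test(p));
}

const target = 'http://ws.mydomain.com/service';
console.log(decide('http://www.mydomain.com/page.html', target, SAMPLE_POLICY));
console.log(decide('http://other.example/page.html', target, SAMPLE_POLICY));
console.log(overlyBroad('<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'));
```

Running `overlyBroad` over a deployed policy file is a quick review check: any entry it returns lets pages on unrelated sites read the service's responses.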
