
XMLHTTPRequest security model

Hi all,

Through local testing I think I've determined a difference between the
ie 6 (winxpsp2) and Firefox security models for XMLHTTPRequest objects
but would like to make sure I didn't conclude improperly.

Scenario: An HTML page in domain A references a Javascript file, via a
script tag, from domain B. That script creates an XMLHTTPRequest object
and tries to download some content from domain B.

In Firefox this works as the script is downloading from the domain
which was the source of the script.

In ie, this does not work and fails with a Permission Denied error.
However, the ie code does appear to work if the script downloads an
object from domain A.

For anyone who uses XMLHTTPRequest in a multi-domain setting, is this
consistent with your experience?

Thanks,

Mark

Jul 23 '05 #1
On 9 May 2005 11:55:34 -0700, "maui" <mm****@gmail.com> wrote:
> Scenario: An HTML page in domain A references a Javascript file, via a
> script tag, from domain B. That script creates an XMLHTTPRequest object
> and tries to download some content from domain B.
>
> In Firefox this works as the script is downloading from the domain
> which was the source of the script.


Er, this is a security concern and should not be happening. The
security context should be the URL of the page, not the URL of the
script.

I would recommend you raise this as an error in Mozilla.

Jim.
Jul 23 '05 #2
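
The rule stated in the reply above, as an added example that is not part of the original thread: the origin (scheme, host, port) of the page is the security context for XMLHttpRequest, and the URL the script file was loaded from is never consulted. It models the classic same-origin check without CORS; the function names and the `a.example` / `b.example` URLs are constructed for illustration.

```javascript
// Added example: classic same-origin decision for XMLHttpRequest (no CORS).
// Function names and all URLs are constructed for illustration.

// An origin is the (scheme, host, port) triple; default ports are made explicit.
function originOf(url) {
  const u = new URL(url);
  const defaultPort = { "http:": "80", "https:": "443" }[u.protocol] || "";
  return { scheme: u.protocol, host: u.hostname, port: u.port || defaultPort };
}

function sameOrigin(a, b) {
  const x = originOf(a);
  const y = originOf(b);
  return x.scheme === y.scheme && x.host === y.host && x.port === y.port;
}

// Decide whether a script running in pageUrl may issue an XHR to targetUrl.
// scriptUrl is accepted only to show that it plays no part in the decision.
function xhrAllowed({ pageUrl, scriptUrl, targetUrl }) {
  // Relative targets resolve against the page, not against the script file.
  const resolved = new URL(targetUrl, pageUrl).href;
  return sameOrigin(pageUrl, resolved);
}

// The scenario from the thread: page on domain A, script served from domain B.
const scenario = {
  pageUrl: "http://a.example/index.html",
  scriptUrl: "http://b.example/lib.js",
};

const results = {
  // Request back to the script's own host: different origin from the page.
  toScriptHost: xhrAllowed({ ...scenario, targetUrl: "http://b.example/data.xml" }),
  // Request to the page's host: same origin as the page.
  toPageHost: xhrAllowed({ ...scenario, targetUrl: "http://a.example/data.xml" }),
  // Relative URL: resolves to the page's host.
  relative: xhrAllowed({ ...scenario, targetUrl: "/data.xml" }),
  // Same host but different scheme or port is still a different origin.
  otherScheme: xhrAllowed({ ...scenario, targetUrl: "https://a.example/data.xml" }),
  otherPort: xhrAllowed({ ...scenario, targetUrl: "http://a.example:8080/data.xml" }),
  explicitDefaultPort: xhrAllowed({ ...scenario, targetUrl: "http://a.example:80/data.xml" }),
};

console.log(results);
```
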
