XMLHTTPRequest security model

Hi all,

Through local testing I think I've determined a difference between the
ie 6 (winxpsp2) and Firefox security models for XMLHTTPRequest objects
but would like to make sure I didn't conclude improperly.

Scenario: An HTML page in domain A references a Javascript file, via a
script tag, from domain B. That script creates a XMLHTTPRequest object
and tries to download some content from domain B.

In Firefox this works as the script is downloading from the domain
which was the source of the script.

In ie, this does not work and fails with a Permission Denied error.
However, the ie code does appear to work if the script downloads an
object from domain A.

For anyone who uses XMLHTTPRequest in a multi-domain setting, is this
consistent with your experience?

Thanks,

Mark

Jul 23 '05 #1
On 9 May 2005 11:55:34 -0700, "maui" <mm****@gmail.com> wrote:
> Scenario: An HTML page in domain A references a Javascript file, via a
> script tag, from domain B. That script creates a XMLHTTPRequest object
> and tries to download some content from domain B.
>
> In Firefox this works as the script is downloading from the domain
> which was the source of the script.

Er, this is a security concern and should not be happening. The
security context should be the URL of the page, not the URL of the
script.

I would recommend you raise this as an error in Mozilla.

Jim.
Jul 23 '05 #2
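
The rule stated in reply #2 (the security context is the URL of the page, not the URL of the script), modelled as an added example that is not part of the original posts. It is a sketch of the same-origin comparison, not any browser's actual code; the hostnames and function names are constructed for illustration.

```javascript
// Added example: the same-origin decision for the scenario in this thread.
// Hostnames are constructed placeholders, not taken from the original posts.

// An origin is the (scheme, host, port) triple. The URL parser lowercases the
// host and leaves port empty when it is the default port for the scheme.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originOf(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) {
    throw new Error('unsupported scheme: ' + u.protocol);
  }
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol],
  };
}

function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// scriptUrl is accepted only to show that it plays no part in the decision.
function xhrAllowed(pageUrl, scriptUrl, targetUrl) {
  const target = originOf(targetUrl);
  const allowed = sameOrigin(originOf(pageUrl), target);
  return {
    allowed,
    scriptOriginMatchesTarget: sameOrigin(originOf(scriptUrl), target),
    reason: allowed ? 'target matches page origin'
                    : 'target differs from page origin',
  };
}

// Page served from domain A, script loaded from domain B.
const page = 'http://a.example/index.html';
const script = 'http://b.example/lib.js';
for (const target of ['http://b.example/data.xml',      // script's own domain
                      'http://a.example/data.xml',      // page's domain
                      'http://A.EXAMPLE:80/data.xml',   // same origin, written differently
                      'https://a.example/data.xml',     // scheme differs
                      'http://a.example:8080/data.xml']) { // port differs
  console.log(target, xhrAllowed(page, script, target));
}
```

The first target is refused even though the script itself was served from that domain, which matches the Permission Denied result reported for the first scenario.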
