By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,932 Members | 1,511 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,932 IT Pros & Developers. It's quick & easy.

Security-glitch in IE Using XMLHttp?

P: n/a
I have this little test-page using Ajax to
grab a simple date-string from the server.
This works as expected in IE, FF, NS, etc.

This morning I changed the path to my little
server-side "date-script", so it pointed to
another web-server. Ie. Not the same site
as the page containing my ajax script came from.

As expected, FF, Opera and NS now failed with
a "security permission", *but* IE plodded
happily along and executed the now cross-domain
call and gave me the result. No errors, no warnings...

Is this a well nown fact, or have I discovered
something here?
--
Dag.

Work is the curse of the drinking classes
-- Oscar Wilde
Sep 7 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
On Wed, 07 Sep 2005 07:31:51 GMT, "Dag Sunde" <me@dagsunde.com> wrote:
As expected, FF, Opera and NS now failed with
a "security permission", *but* IE plodded
happily along and executed the now cross-domain
call and gave me the result. No errors, no warnings...


It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.

Jim.
Sep 7 '05 #2

P: n/a
"Jim Ley" <ji*@jibbering.com> wrote in message
news:43****************@news.individual.net...
On Wed, 07 Sep 2005 07:31:51 GMT, "Dag Sunde" <me@dagsunde.com> wrote:
As expected, FF, Opera and NS now failed with
a "security permission", *but* IE plodded
happily along and executed the now cross-domain
call and gave me the result. No errors, no warnings...


It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.


Ah... Interesting...

Is there similar settings in any of the other browsers?
(Mainly interested in FF, NS7.x and Opera).

This may be an interesting feature in intranet applications.

--
Dag.
Sep 7 '05 #3

P: n/a


Dag Sunde wrote:
It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.

Is there similar settings in any of the other browsers?
(Mainly interested in FF, NS7.x and Opera).


No, first of all neither Firefox (current versions) nor Netscape 7 have
any security zone model and frankly allowing such access in general
seems not a good idea.
For IE you can set that setting for different zones so you could savely
configure the normal internet zone but for intranet zone or trusted
sites you could lower the settings.

If you wanted to do anything with script in Mozilla browsers that is not
allowed by normal settings then you would need to use signed script and
then that script still needs to ask the user for certain rights which
pops up a dialog where the user can grant the right or not. Script
signing requires a certificate which a certificate authority usually
charges money for every year you need the certificate.
Mozilla also as far as I am currently aware does not distiguish between
http://localhost/ access and access to real remote hosts.
--

Martin Honnen
http://JavaScript.FAQTs.com/
Sep 7 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.