"Permission denied" for XMLHttpRequest in Firefox

dx27s

Hi all,

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?
CODE SNIPPETS:

function getPage() {
waiting = true;
try {
loadPage('<%=testURL%>'); // generated by JSP code
} catch(e) {
var msg = (typeof e == "string") ? e : ((e.message) ? e.message :
"Unknown Error");
alert("Unable to get XML data:\n" + msg);
return;
}
}

function loadPage(url) {
// branch for native XMLHttpRequest object
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
req.onreadystatechange = processPage;
req.open("GET", url, true);
req.send(null);
// branch for IE/Windows ActiveX version
} else if (window.ActiveXObject) {
isIE = true;
req = new ActiveXObject("Microsoft.XMLHTTP");
if (req) {
req.onreadystatechange = processPage;
req.open("GET", url, true);
req.send();
}
}
}

function processPage() {
// only if req shows "loaded"
if (req.readyState == 4) {
// only if "OK"
if (req.status == 200) {
// ...processing statements go here...
//stream = req.responseText;
//alert(stream);

location.href = "frames.jsp";

} else {
waiting=false;
}
}
}

Oct 4 '05 #1

Lance Dyas

dx27s wrote:

Hi all,

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.
Actually people with default xp sp2 security will also have the problem
in IE

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?

A simple redirector which can be accomplished a number of ways but if
you control both servers and they use Apache I recommend you use
mod_rewrite, so that the request will client side be back to the same
server (but be rewritten server side to reference the second server)

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

Oct 5 '05 #2

Dr Clue

dx27s wrote:

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?

The way I get arround it , is that I use a little program I wrote
called F1XMLrelay.cgi , which is on the server that the javascript
is being served from, so anything it returns is inside the
"domain-barrier". The cgi simply opens a socket and places
the http request to the original destination, collects the result
and relays it back to the browser.

I use this approach for doing SOAP services too.

The .cgi could be a servlet, php page, or anything else on
your sever that can relay a socket request.
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> Internet Programming since 1994 <>=-- DHTML NSAPI TCP/IP
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.

Oct 9 '05 #3