By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,264 Members | 1,718 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,264 IT Pros & Developers. It's quick & easy.

"Permission denied" for XMLHttpRequest in Firefox

P: n/a
Hi all,

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?
CODE SNIPPETS:

function getPage() {
waiting = true;
try {
loadPage('<%=testURL%>'); // generated by JSP code
} catch(e) {
var msg = (typeof e == "string") ? e : ((e.message) ? e.message :
"Unknown Error");
alert("Unable to get XML data:\n" + msg);
return;
}
}

function loadPage(url) {
// branch for native XMLHttpRequest object
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
req.onreadystatechange = processPage;
req.open("GET", url, true);
req.send(null);
// branch for IE/Windows ActiveX version
} else if (window.ActiveXObject) {
isIE = true;
req = new ActiveXObject("Microsoft.XMLHTTP");
if (req) {
req.onreadystatechange = processPage;
req.open("GET", url, true);
req.send();
}
}
}

function processPage() {
// only if req shows "loaded"
if (req.readyState == 4) {
// only if "OK"
if (req.status == 200) {
// ...processing statements go here...
//stream = req.responseText;
//alert(stream);

location.href = "frames.jsp";

} else {
waiting=false;
}
}
}

Oct 4 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
dx27s wrote:
Hi all,

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.
Actually people with default xp sp2 security will also have the problem
in IE

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?

A simple redirector which can be accomplished a number of ways but if
you control both servers and they use Apache I recommend you use
mod_rewrite, so that the request will client side be back to the same
server (but be rewritten server side to reference the second server)

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Oct 5 '05 #2

P: n/a
dx27s wrote:
I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?


The way I get arround it , is that I use a little program I wrote
called F1XMLrelay.cgi , which is on the server that the javascript
is being served from, so anything it returns is inside the
"domain-barrier". The cgi simply opens a socket and places
the http request to the original destination, collects the result
and relays it back to the browser.

I use this approach for doing SOAP services too.

The .cgi could be a servlet, php page, or anything else on
your sever that can relay a socket request.
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> Internet Programming since 1994 <>=-- DHTML NSAPI TCP/IP
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
Oct 9 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.