472,145 Members | 2,047 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,145 software developers and data experts.

"Permission denied" for XMLHttpRequest in Firefox

Hi all,

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?
CODE SNIPPETS:

function getPage() {
waiting = true;
try {
loadPage('<%=testURL%>'); // generated by JSP code
} catch(e) {
var msg = (typeof e == "string") ? e : ((e.message) ? e.message :
"Unknown Error");
alert("Unable to get XML data:\n" + msg);
return;
}
}

function loadPage(url) {
// branch for native XMLHttpRequest object
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
req.onreadystatechange = processPage;
req.open("GET", url, true);
req.send(null);
// branch for IE/Windows ActiveX version
} else if (window.ActiveXObject) {
isIE = true;
req = new ActiveXObject("Microsoft.XMLHTTP");
if (req) {
req.onreadystatechange = processPage;
req.open("GET", url, true);
req.send();
}
}
}

function processPage() {
// only if req shows "loaded"
if (req.readyState == 4) {
// only if "OK"
if (req.status == 200) {
// ...processing statements go here...
//stream = req.responseText;
//alert(stream);

location.href = "frames.jsp";

} else {
waiting=false;
}
}
}

Oct 4 '05 #1
2 6378
dx27s wrote:
Hi all,

I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.
Actually people with default xp sp2 security will also have the problem
in IE

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?

A simple redirector which can be accomplished a number of ways but if
you control both servers and they use Apache I recommend you use
mod_rewrite, so that the request will client side be back to the same
server (but be rewritten server side to reference the second server)

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
Oct 5 '05 #2
dx27s wrote:
I'm working with the XMLHttpRequest object. I receive the following
error message: "Permission denied to call method XMLHttpRequest.open"

This occurs in Firefox only. IE works fine.

From my research so far, it seems like this is a security issue related
to the fact that I am trying to access a url on a second server. Both
servers are under my control, however. Is there a way to get around this
limitation?


The way I get arround it , is that I use a little program I wrote
called F1XMLrelay.cgi , which is on the server that the javascript
is being served from, so anything it returns is inside the
"domain-barrier". The cgi simply opens a socket and places
the http request to the original destination, collects the result
and relays it back to the browser.

I use this approach for doing SOAP services too.

The .cgi could be a servlet, php page, or anything else on
your sever that can relay a socket request.
--
--.
--=<> Dr. Clue (A.K.A. Ian A. Storms) <>=-- C++,HTML, CSS,Javascript
--=<> Internet Programming since 1994 <>=-- DHTML NSAPI TCP/IP
--=<> http://resume.drclue.net <>=-- AJAX, SOAP, XML, HTTP
--=<> http://www.drclue.net <>=-- SERVLETS,TCP/IP, SQL
--.
Oct 9 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Mark E. Hamilton | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.