
Help needed with .js and AJAX

Hi all,
When using AJAX and javascript I get the following error when
talking to my server:

A script from http://www.mydomain.com was denied UniversalBrowserRead
privileges. I am using firefox 1.5 and here is the code that is being
called:

function showConsumptionData(foodType) {
    var url = 'http://mydomain.com/platePyramid.do?foodType=' +
        foodType + '&sysTime=' + new Date().getTime();
    if (window.XMLHttpRequest) {
        try {
            netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
            req = new XMLHttpRequest();
            req.onreadystatechange = processSCRequest;
            req.open("GET", url, false);
            req.send(null);
        }
        catch (e)
        {
            alert("(Mozilla)-" + e);
        }
    } else if (window.ActiveXObject) {
        req = new ActiveXObject("Microsoft.XMLHTTP");
        req.onreadystatechange = processSCRequest;
        req.open("GET", url, false);
        req.send(null);
    }
}

The .js code is contained in its own file, being called by the .html
file. Could this be causing the problem? I am stumped. Any help would
be appreciated.
Regards,

Steven H.

Dec 19 '05 #1
Only reason to use the Privilege is for cross domain coding.

If you need it then you need to add the code in two places normally. I
wrote an example using it awhile back,
http://radio.javaranch.com/pascarell...=1120688860820

See if that gives you any light into the problem.

Eric Pascarello
Coauthor of Ajax In Action

Dec 19 '05 #2


sheadley wrote:

A script from http://www.mydomain.com was denied UniversalBrowserRead
privileges. I am using firefox 1.5 and here is the code that is being
called:

function showConsumptionData(foodType) {
var url =
'http://mydomain.com/platePyramid.do?foodType=' +
foodType+'&sysTime='+new Date().getTime();
if (window.XMLHttpRequest) {
try {

netscape.security.PrivilegeManager.enablePrivilege ("UniversalBrowserRead");


You are calling enablePrivilege here but your code is not trusted and
therefore the call gives that message that the requested privilege
UniversalBrowserRead was denied.
With normal security settings code in a HTML document loaded from a HTTP
server is not able to enable privileges, you would need to use
signed script.
Why do you need that call, or why do you think you need it?

If your HTML document with the script comes from
http://www.mydomain.com/ then your XMLHttpRequest object should be able
to access URLs on www.mydomain.com without any need to enable privileges.
--

Martin Honnen
http://JavaScript.FAQTs.com/
Dec 19 '05 #3
When I don't use the following code:
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
I get the following error:

XMLHttpRequest.open() failed permission denied.
I am using jboss and struts to serve up these pages would that have an
impact??

*** Sent via Developersdex http://www.developersdex.com ***
Dec 19 '05 #4
VK

Steven Headley wrote:
I am using jboss and struts to serve up these pages would that have an
impact??


JBOSS or Perl script - it doesn't matter. What matters is

(1) Same domain rule:

1) HTML page
2) .js script file
3) URL you're calling with AJAX
-----------------------
all three components have to be from the same domain where the "same
domain" means same protocol (http or https but not a mix), same
subdomain, same domain name and same first level domain:
[http://] [www.] [mycompany] [.com]
from above all squared components can be different or missing but it
has to be *identical* for all three sources (page, script, server call)

If it is true then you can at least use AJAX to call the server.

(2) If it is not true, or if you want to have extended privileges like
UniversalBrowserRead:

Firefox implements a three-tier security model from Netscape 4.x (but in
Firefox it is not Java, but native C++ code inside):

1) First all scripts *and pages* have to be contained in a signed .jar
file. The file has to be signed by a valid certificate. If it is, it
still doesn't give it any privileges: it only gives *a privilege to ask
for a privilege*.

2) over netscape.security.PrivilegeManager methods your script asks for
a privilege. If the tier 1 above is passed OK, user will see the popup
asking for privilege. If tier 1 was not passed, no popup will be shown
and request will be automatically cancelled.

3) You later use JavaScript methods to access normally unavailable
information. Each method will ask every time for a privilege from
PrivilegeManager on tier 2 above. But user will not be bothered anymore
with popups. If user granted privilege on tier 2, she also granted the
privilege to PrivilegeManager to grant privileges to all methods on
tier 3.

More info and a working sample can be found here:
<http://www.mozilla.org/projects/security/components/signed-scripts.html>

Dec 19 '05 #5
"Steven Headley" <st************@yahoo.com> wrote in message
news:Mc*****************@news.uswest.net...
when I don't use the following code:
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
I get the following error:

XMLHttpRequest.open() failed permission denied.

In your original post, you said that your script (and pages) was coming from
http://www.mydomain.com, but your code calls http://mydomain.com.

Even if those two resolve to the same ip-address, they are not seen as the
same domain from the browser's point of view.

I am using jboss and struts to serve up these pages would that have an
impact??

no

--
Dag.
Dec 20 '05 #9

Steven Headley wrote:
I get the following error:

XMLHttpRequest.open() failed permission denied.


You need to make sure that you only access URLs from the same origin, if
you can't do that then install some server-side "URL fetcher" script so
that you can make all requests to the original server passing the URL on
another server in the query string where the server-side script then
makes the access to the other servers and returns the result to your
client-side code.
--

Martin Honnen
http://JavaScript.FAQTs.com/
Dec 20 '05 #10
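
The server-side "URL fetcher" suggested in the reply above, sketched as an added example that is not code from the thread or from any poster. It restricts the fetcher to an allowlist of upstream hosts, because a fetcher that accepts any URL lets any caller direct requests from inside your network; the host names and the /fetch route are hypothetical, and Node.js 18+ (global fetch and URL) is assumed.

```javascript
// Added example (not from the thread). Host names and the /fetch route
// are hypothetical; fetch and URL are globals in Node.js 18+.
const ALLOWED_UPSTREAMS = new Set(['feeds.partner.example', 'api.partner.example']);

// Validate the ?url= parameter before the server makes any outbound request.
// Returns a URL object, or throws with a reason the handler can log.
function resolveUpstream(rawTarget) {
  let target;
  try {
    target = new URL(rawTarget);
  } catch {
    throw new Error('not an absolute URL');
  }
  if (target.protocol !== 'https:' && target.protocol !== 'http:') {
    throw new Error('scheme not allowed');
  }
  if (target.username || target.password) {
    throw new Error('credentials in URL not allowed');
  }
  if (!ALLOWED_UPSTREAMS.has(target.hostname)) {
    throw new Error('host not on allowlist');
  }
  return target;
}

// Handler body for GET /fetch?url=... on the page's own server.
// fetchImpl is injectable so the logic can be exercised offline.
async function handleFetch(requestUrl, fetchImpl = fetch) {
  const rawTarget = new URL(requestUrl, 'http://localhost').searchParams.get('url');
  let target;
  try {
    target = resolveUpstream(rawTarget ?? '');
  } catch (err) {
    return { status: 400, body: 'rejected: ' + err.message };
  }
  try {
    // redirect: 'error' stops an allowed host from bouncing the request elsewhere.
    const upstream = await fetchImpl(target, { redirect: 'error' });
    return { status: upstream.status, body: await upstream.text() };
  } catch {
    return { status: 502, body: 'upstream request failed' };
  }
}
```

The page's script then requests `/fetch?url=...` as a relative URL, so the browser only ever sees a same-origin XMLHttpRequest.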
On 2005-12-19, VK <sc**********@yahoo.com> wrote:

Steven Headley wrote:
I am using jboss and struts to serve up these pages would that have an
impact??
JBOSS or Perl script - it doesn't matter. What matters is

(1) Same domain rule:

1) HTML page
2) .js script file
3) URL you're calling with AJAX
-----------------------

all three components have to be from the same domain where the "same
domain" means same protocol (http or https but not a mix), same
subdomain, same domain name and same first level domain:
[http://] [www.] [mycompany] [.com]
from above all squared components can be different or missing but it
has to be *identical* for all three sources (page, script, server call)


which browser enforces that .js comes from the same place as the HTML?
(not mozilla and not IE)

you missed out same (optional) port number.
Bye.
Jasen
Dec 21 '05 #11
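
The origin comparison discussed in this thread, as an added example that is not code from any poster: it compares the page's URL with each request target on scheme, host and port (the component the last reply adds) and reports which part differs. It goes slightly beyond the thread by also resolving relative URLs, which always inherit the page's origin; the URLs reuse the thread's placeholder domain and the function names are hypothetical.

```javascript
// Added example (not from the thread). Uses the WHATWG URL class that is
// global in modern browsers and Node.js; the URLs below are constructed.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Break a URL into the three parts that are compared.
function originParts(href) {
  const u = new URL(href);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL reports '' for the scheme's default port, so fill it in.
    port: u.port || DEFAULT_PORTS[u.protocol] || '',
  };
}

// Return the components that differ; an empty list means same origin.
function originMismatch(pageUrl, requestUrl) {
  const page = originParts(pageUrl);
  const req = originParts(requestUrl);
  return ['scheme', 'host', 'port'].filter((k) => page[k] !== req[k]);
}

// Resolve relative targets against the page, as the browser does.
function checkTargets(pageUrl, targets) {
  return targets.map((t) => {
    const absolute = new URL(t, pageUrl).href;
    const diff = originMismatch(pageUrl, absolute);
    return { target: t, absolute, allowed: diff.length === 0, diff };
  });
}

const pageUrl = 'http://www.mydomain.com/index.html';
const report = checkTargets(pageUrl, [
  'http://mydomain.com/platePyramid.do?foodType=x', // the thread's URL: host differs
  '/platePyramid.do?foodType=x',                     // relative: inherits page origin
  'http://www.mydomain.com:80/platePyramid.do',      // explicit default port: same
  'https://www.mydomain.com/platePyramid.do',        // scheme and port differ
  'http://www.mydomain.com:8080/platePyramid.do',    // port differs
]);
for (const r of report) {
  console.log(r.allowed ? 'ok  ' : 'deny', r.target, r.diff.join(','));
}
```

Building the request URL as a relative path, as in the second entry, removes the www/no-www mismatch without any privilege call.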
