can someone explain the cross domain security re AJAX in IE?

I have a page that calls a web service (WS) from another domain (the target
browser is only IE6) and displays its results! all works fine when the page
is run from my hdd, however when run from the web I get "Access denied" due
to the cross domain security (I assume).

So I set the browser setting to allow cross domain but this did not seem to
work, I got the same error!

Next I tried adding an "A" record to my domain for the WS, so I had
www.mydomain.com = IP of web server and added ws.mydomain.com = IP of the
server providing the WS. But I still got the same error even though they are
called using the same domain name!

So what does IE check to establish if it's cross domain before allowing the
call using XMLHttpRequest to a domain that is different from where the
calling page is hosted?

thanks
Aug 2 '06 #1
VK

Adrian wrote:
> So what does IE check to establish if it's cross domain before allowing the
> call using XMLHttpRequest to a domain that is different from where the
> calling page is hosted?

It checks if "from" and "to" domains are identical. Say even
foo.mydomain.com
and
bar.mydomain.com
are considered to be different.

The only exception it makes for scripts run from the local pages
(loaded from your harddrive). No other exceptions, no options to
change. That is an obvious dead end for the technology, however
serious security considerations would be.

So currently many UA producers are testing different ways to relax
cross domain security while keeping it under some control. I suggest to
search for
"XMLHttpRequest cross domain security" at mozilla.org
and
"IXMLHTTPRequest cross domain security" at microsoft.com

Some solutions are only discussed but not yet implemented, some
implemented but only on the latest engines.

For the time being (if you decide to stay with AJAX) you'll have to use
one of server-side content grabbers like say
<http://www.geocities.com/schools_ring/stargates/>

Aug 2 '06 #2
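
The comparison described in the answer above, as an added example that is not part of the original posts. The function names and URLs are constructed for illustration, and comparing scheme and port as well as host follows the general same-origin rule rather than anything stated in the thread.

```javascript
// Added illustration: constructed names, not code from the thread.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL into the parts a same-origin comparison looks at.
// The URL parser lowercases the host and drops a default port, so
// "http://WWW.MyDomain.com:80/" and "http://www.mydomain.com/" normalize alike.
function originParts(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// List the components that differ; an empty list means same origin.
function originDiff(pageUrl, targetUrl) {
  const page = originParts(pageUrl);
  const target = originParts(targetUrl);
  return ["scheme", "host", "port"].filter((k) => page[k] !== target[k]);
}

// Classify a request the way the thread describes the outcome:
// pages loaded from the local disk are exempt, everything else must match.
function checkRequest(pageUrl, targetUrl) {
  if (originParts(pageUrl).scheme === "file:") {
    return { verdict: "local-exempt", differs: [] };
  }
  const differs = originDiff(pageUrl, targetUrl);
  return { verdict: differs.length ? "cross-domain" : "same-origin", differs };
}

// The "A" record attempt from the question: same parent domain, different host.
console.log(checkRequest("http://www.mydomain.com/page.html",
                         "http://ws.mydomain.com/service.asmx"));
```

Host names are compared as whole strings, so sharing the parent domain mydomain.com does not make www and ws the same origin.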


Adrian wrote:

> I have a page that calls a web service (WS) from another domain (the target
> browser is only IE6) and displays its results! all works fine when the page
> is run from my hdd, however when run from the web I get "Access denied" due
> to the cross domain security (I assume).

You can put the host that should be allowed to call the web service in
the trusted zone and configure that zone to allow access to data sources
beyond domain boundaries.

--

Martin Honnen
http://JavaScript.FAQTs.com/
Aug 2 '06 #3
Thank you both, I know this is off topic for this group but can a signed
ActiveX make the cross domain call?
"Martin Honnen" <ma*******@yahoo.de> wrote in message
news:44***********************@newsread2.arcor-online.net...
> Adrian wrote:
>
>> I have a page that calls a web service (WS) from another domain (the
>> target browser is only IE6) and displays its results! all works fine
>> when the page is run from my hdd, however when run from the web I get
>> "Access denied" due to the cross domain security (I assume).
>
> You can put the host that should be allowed to call the web service in the
> trusted zone and configure that zone to allow access to data sources
> beyond domain boundaries.
>
> --
>
> Martin Honnen
> http://JavaScript.FAQTs.com/

Aug 3 '06 #4
VK
Adrian wrote:
> can a signed ActiveX make the cross domain call?

Presumably yes - if being signed by a recognized authority certificate:
so you can write a .wsh script or a C++ program for that.

You also can make a signed page for Gecko browsers to request for more
privileges. See
<www.mozilla.org/projects/security/components/signed-scripts.html>

It doesn't solve the problem universally (as a server-side content
grabber does) but can be sufficient for your current situation.

Overall the main current trend for all major browser producers
(including Microsoft, Mozilla and Mac) is in using Macromedia
Flash-like approach which was in turn first used in Microsoft Data
Binding technics. Namely you create on the server a text file of a
fixed format and you list in this file all domains and subdomains
allowed to inter-communicate with each other. As I'm starving now on a
9,200 baud cell modem :-) I skip on linking all relevant documents from
microsoft.com and mozilla.org - but they are there for sure as I once
studied them. You may want to search for them independently.

Aug 4 '06 #5
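
The policy-file approach mentioned in the last post, as an added example that is not part of the original thread: it reads a policy in Flash's crossdomain.xml format, decides whether a requesting host is listed, and flags entries that open the service to everyone. The sample policy and function names are constructed, and the wildcard matching is a simplified assumption (`*.suffix` is treated as matching subdomains only).

```javascript
// Constructed sample policy in the crossdomain.xml format used by Flash.
const SAMPLE_POLICY = `<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="www.mydomain.com" />
  <allow-access-from domain="*.partner.example" />
  <allow-access-from domain="*" />
</cross-domain-policy>`;

// Pull every allow-access-from domain attribute out of the policy text.
function listedDomains(policyXml) {
  const re = /<allow-access-from\b[^>]*\bdomain\s*=\s*"([^"]*)"/gi;
  return Array.from(policyXml.matchAll(re), (m) => m[1].trim().toLowerCase());
}

// Simplified matching (assumption): "*" matches any host, "*.suffix" matches
// subdomains of suffix, anything else must match the host exactly.
function entryMatches(entry, host) {
  if (entry === "*") return true;
  if (entry.startsWith("*.")) return host.endsWith(entry.slice(1));
  return entry === host;
}

// Would a page served from requestingHost be allowed to read from this server?
function isAllowed(policyXml, requestingHost) {
  const host = requestingHost.toLowerCase();
  return listedDomains(policyXml).some((entry) => entryMatches(entry, host));
}

// Audit helper: entries that admit every site, or a whole top-level suffix
// such as "*.com", defeat the purpose of listing domains at all.
function overlyBroad(policyXml) {
  return listedDomains(policyXml).filter((e) => e === "*" || /^\*\.[^.]+$/.test(e));
}

console.log("entries:", listedDomains(SAMPLE_POLICY));
console.log("overly broad:", overlyBroad(SAMPLE_POLICY));
console.log("other.example.org allowed:", isAllowed(SAMPLE_POLICY, "other.example.org"));
```

With the `*` entry present every requesting host is allowed, which is why a review of such a file starts with the wildcard entries.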
