Security violation foreign domain?

On May 8, 3:55*am, Geoff Cox <g...@freeuk.notcomwrote:

Hello,

I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.

This true? If yes, why do all above browsers allow it to happen?!

The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.

Any workaround?

Any thoughts?

Cheers

Geoff

How exactly do you "access" these files?

Geoff Cox <gc**@freeuk.notcomwrites:

Hello,

I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.

This true? If yes, why do all above browsers allow it to happen?!

Those questions can only be answered if you explain how your code
works. Javascript/browsers don't usually have built-in "access some
audio files" methods.

The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.

Any workaround?

Probably, yeah.

Any thoughts?

Use flash instead? (I'm only half kidding).

--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/

On Thu, 08 May 2008 14:34:26 +0200, Joost Diepenmaat <jo***@zeekat.nl>
wrote:

>Geoff Cox <gc**@freeuk.notcomwrites:

>Hello,

I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.

This true? If yes, why do all above browsers allow it to happen?!

Those questions can only be answered if you explain how your code
works. Javascript/browsers don't usually have built-in "access some
audio files" methods.

Joost,

I am using soundmanager2

http://www.schillmania.com/content/p...soundmanager2/

the audio files are accessed using an http link such as

soundManager.createSound({
id:'mySound'+t,
url:'http://www.differentsite.com/audio/Track' + (+t+35) + '.mp3',
onfinish:function(){document.getElementById('test' +t+1).className =
'visibleDiv2'} });
soundManager.play('mySound'+t);
count++;
}

Cheers

Geoff

>

>The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.

Any workaround?

Probably, yeah.

>Any thoughts?

Use flash instead? (I'm only half kidding).

On Thu, 8 May 2008 04:43:10 -0700 (PDT), Tom Cole <tc****@gmail.com>
wrote:

>On May 8, 3:55*am, Geoff Cox <g...@freeuk.notcomwrote:

>Hello,

I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.

This true? If yes, why do all above browsers allow it to happen?!

The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.

Any workaround?

Any thoughts?

Cheers

Geoff

How exactly do you "access" these files?

Tom,

please see my reply to Joost's email.

Cheers

geoff

On May 8, 9:38*am, Geoff Cox <g...@freeuk.notcomwrote:

On Thu, 8 May 2008 04:43:10 -0700 (PDT), Tom Cole <tco...@gmail.com>
wrote:

On May 8, 3:55*am, Geoff Cox <g...@freeuk.notcomwrote:

Hello,

I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.

This true? If yes, why do all above browsers allow it to happen?!

The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.

Any workaround?

Any thoughts?

Cheers

Geoff

How exactly do you "access" these files?

Tom,

please see my reply to Joost's email.

Cheers

geoff- Hide quoted text -

- Show quoted text -

That sounds like it really shouldn't be any different than creating an
img that points to some resource on another server. That is totally
legit and shouldn't really raise any concerns. I'm surprised that
Opera does.

If accessing files from another domain was restricted, there wouldn't
be much use for the internet really :).

The problem comes into play when you try to make an XMLHttpRequest to
another domain or access the DOM of a page provided from another
domain. That does not appear to be the issue here. So I wouldn't be
concerned.

On May 8, 5:38 pm, Geoff Cox <g...@freeuk.notcomwrote:

I am using soundmanager2

http://www.schillmania.com/content/p...soundmanager2/

the audio files are accessed using an http link such as

soundManager.createSound({
id:'mySound'+t,
url:'http://www.differentsite.com/audio/Track'+ (+t+35) + '.mp3',
onfinish:function(){document.getElementById('test' +t+1).className =
'visibleDiv2'} });
soundManager.play('mySound'+t);
count++;

}

That doesn't help too much as it is just the top level wrapper for the
underlaying code. From a quick look soundmanager2 simply creates
OBJECTs for Flash movies and later trying to interact with them using
Javascript on the page. ActionScript (ECMAScript implementation used
in Flash) has its own security model that doesn't coerce with the
browser security model in many details. This way the
ActionScript<>Javascript interaction is normally disabled or limited
on current browsers so to keep both models by their own.

On Thu, 8 May 2008 14:11:44 -0700 (PDT), VK <sc**********@yahoo.com>
wrote:

>On May 8, 5:38 pm, Geoff Cox <g...@freeuk.notcomwrote:

>I am using soundmanager2

http://www.schillmania.com/content/p...soundmanager2/

the audio files are accessed using an http link such as

soundManager.createSound({
id:'mySound'+t,
url:'http://www.differentsite.com/audio/Track'+ (+t+35) + '.mp3',
onfinish:function(){document.getElementById('test '+t+1).className =
'visibleDiv2'} });
soundManager.play('mySound'+t);
count++;

}

That doesn't help too much as it is just the top level wrapper for the
underlaying code. From a quick look soundmanager2 simply creates
OBJECTs for Flash movies and later trying to interact with them using
Javascript on the page. ActionScript (ECMAScript implementation used
in Flash) has its own security model that doesn't coerce with the
browser security model in many details. This way the
ActionScript<>Javascript interaction is normally disabled or limited
on current browsers so to keep both models by their own.

VK,

I'm not sure that I totally follow you - is taking the mp3 files from
the other server a problem or not?!

IE and FF do not complain (ie no error messages) and play the files.
Opera complains but plays them...

I am concerned that other users of IE and FF may have a different
experience from mine and might not be able to play the sounds?!

Cheers

GTeoff

On Thu, 8 May 2008 13:42:22 -0700 (PDT), Tom Cole <tc****@gmail.com>
wrote:

>>
please see my reply to Joost's email.

Cheers

geoff- Hide quoted text -

- Show quoted text -

That sounds like it really shouldn't be any different than creating an
img that points to some resource on another server. That is totally
legit and shouldn't really raise any concerns. I'm surprised that
Opera does.

If accessing files from another domain was restricted, there wouldn't
be much use for the internet really :).

The problem comes into play when you try to make an XMLHttpRequest to
another domain or access the DOM of a page provided from another
domain. That does not appear to be the issue here. So I wouldn't be
concerned.

Tom,

Thanks - that's reassuring!

Cheers

Geoff