I'm reading out the header of a webpage through:
var srccat=$("*").contents().filter(function(){return this.nodeType == 8;}).get(0).nodeValue;
Then I'm doing some splits and all, which is all working fine.
(I have to read out the header, because a variable is being 'displayed' as text and there is no other way to get to this info...)
However, the page isn't rendering correctly (because it depends on this) and is throwing an error in the console:
"SCRIPT5: Access is denied."
According to the link to "SCRIPT5" (https://msdn.microsoft.com/query/dev12.query?appId=Dev12IDEF1&l=EN-US&k=k(VS.WebClient.Help.SCRIPT5)), it states: "A script tried to access data from a source other than the host of the current page. The Same Origin Policy followed by Internet Explorer and other browsers allows scripts to access data only from sources with the same scheme, host, and port of the URL of the current page."
I assume this has to do with Backbone. I'm not THAT familiar with it, but I understand that it works as a page within a page, so that in my case it's reading information from the 'parent' page.. and I guess this is not allowed in IE...
The error ONLY occurs in IE(11), not in Firefox or Chrome.
Is there a workaround for this?
I had the same problem with CORS within IE only. I had to use a work around of jQuery's CORS support.
// enables cross origin ressource sharing with IE9
$.support.cors = true;
Is it safe to use $.support.cors = true; in jQuery?
Place this before any other ajax requests are made but after loading jQuery (obviously).
Related
Every development pipeline has 2 parts. FIRST to work hard and develop the application. SECOND to work harder and make it compatible with the great arrogant IE.
We have an AngularJS (v1.3.13) application without any server side code developed in Webstorm. We are making REST calls to service. Our application works fine on Chrome and Firefox without any Console errors. However when we try to open the page in IE11 or IE9 (not tried IE10), our page doesn't load. Console suggests we have 2 errors. One of them is Access is Denied on
xhr.open(method, url, true);
in angular.js.
There are number of posts on internet and none seems to be working. This is what I have tried.
Hosting app in IIS with changed Handler Mappings to support Cross Domain calls on an Application pool of .Net v4.0 (as suggested by a Senior)
Tried to disable to cache for HTTP requests.
Adding Domain in trusted site category and also adding locahost/IP to local intranet.
Changing request type to JSONP and trying to add Access-Control-Allow-Origin (with value of *) to headers.
Changing IE settings to allow Cross Domain calls.
Error is still chasing us. Even my colleagues have tried the same on their machines ending up with similar blow. Is there anyone to suggest me something on this.
It may be CORS and I may need to go for xdr (XDomainRequest) but not sure how to use it as error is in angular.js. I am certainly no expert on this so please suggest.
Screen shot of the error:
IE shows another error:
[$injector:nomod] Module 'ngLocale' is not available!
You either misspelled the module name or forgot to load it.
If registering a module ensure that you specify the dependencies
as the second argument.
http://errors.angularjs.org/1.2.16/$injector/nomod?p0=ngLocale which I am ignoring for now.
Please suggest me something on this.
Thanks.
I switched from 1.3.4 to 1.4.8 and that did the trick. No more Angular Access Denied in I.E. (Microsoft Edge 25 2015). I don't know why.
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.4.8/angular.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/angular-route.js/1.4.8/angular.min.js"></script>
Access is Denied on IE11 in AngularJS error have a solution on this link
I also got the same error while downloading Image from IE11. I have just added the following line in my code and It works.
window.navigator.msSaveBlob(blob, paramDataObject.fileName);
or
window.navigator.msSaveOrOpenBlob(blob, paramDataObject.fileName);
Have you tried xdomain? https://github.com/jpillora/xdomain it's a pure javascript CORS alternative.
if (window.navigator && window.navigator.msSaveOrOpenBlob) {
window.navigator.msSaveOrOpenBlob(blob);
}
else {
var objectUrl = URL.createObjectURL(blob);
window.open(objectUrl);
}
Setting window.location or window.open in AngularJS gives "access is denied" in IE 11
I'm loading a (fairly large) text file into an array using jQuery. When I open the page in Internet Explorer, the array has loaded in perfectly - I can load any element in the array onto the page. When I open the page in Google Chrome / Firefox, the array hasn't loaded at all. The rest of the page is functional, but when I try to load in an element, it just says undefined where the array would have been.
I don't think the file size is the problem, because when opened in Internet Explorer, the array loads pretty fast - nothing seems unresponsive. The file is formatted as "word\nword\nword\nword\nword".
Here's the code I use to load the text file into an array:
var wordList = new Array();
$.get('words.txt', function(data){
wordList = data.split('\n');
});
Later, I used this to test whether the array had loaded:
$('#words').append($('#input').val() + ' ' + wordList[word.length]);
For context, #words is a <p> and #input is a text input. I take the word given in the input and get its length, then I use that as an index for the word list I loaded in earlier. In Internet Explorer, it'll load whatever should be at that index, but in any other browser, it just loads undefined.
I did some research and it looks like there's a problem with the same-origin policy. At least, that's the error I'm getting from the console in Chrome:
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I looked around for some solutions to this, but they all seem to involve finding a way to make a cross-domain request - I don't think that's what I should be doing, though, because this is all on my own PC's filesystem. What's up here?
You are unable to open file:// links in Chrome/FF due to their security model. I believe there are some extensions you can download which make it possible though. Accessing the file through http will solve the problem though.
Another answer to the same problem
I am writing my first WebAPI service, to be called from a pure HTML/javascript application. I am starting visual studio first, then running my app in Safari ( it refuses to run in Chrome, and gives this exact error no matter what I do, but has been fine in Safari until now ).
Based on my other SO reading on this, I've added a header that is Access-Control-Allow-Origin with a value of *.
When I push the button in my web app, it makes an AJAX call and I can step through the debugger to see that it's calling my service fine. When it returns, it always returns an object, and the error in Safari in the console is "XMLHttpRequest cannot load (myurl). Origin file :// is not allowed by Access-Control-Allow-Origin".
Any suggestions for how to get Safari to accept the return value would be greatly appreciated. As I said, it's returning a class, which I expected WebAPI would turn in to a JSON string to return to the browser. I don't know if I'm doing something wrong here, or if something is wrong in Safari. I should mention, although I think it's obvious, I am using MVC4, ergo I am using Safari on Windows, not Mac.
Thanks
How are you currently adding the header? The problem isn't getting safari to accept the return value, your WebAPI is rejecting the request.
Here's an article on how to implement CORS in Web API v1 (MVC4). http://goo.gl/BZkrlf
If you can use MVC5/WebAPI v2, there is an easier way to enable CORS via a NuGet package (see this how-to http://goo.gl/60YkgX)
This is an issue with protocol mismatch. You cannot send a cross domain request to HTTP protocol if the request is originating from the FILE protocol. Try viewing the page using a local webserver so you can preview the page in the browser using HTTP. I have experienced this same issue - it is browser side and not a problem with your service.
You can use Microsoft.AspNet.Cors from nuget and adding
var attr = new EnableCorsAttribute("", "", "GET");
config.EnableCors(attr);
to WebApiConfig.cs
When I click "Print" using the jQuery Print Preview Plugin the following error pops up and Firebug:
Error: Permission denied to access property 'name'
if (window.frames[i].name == "print-frame") {
I am not sure exactly what it means or how to correct it.
There is a way around this that will solve this problem and work properly with all major browsers. This solution was found by Derick over on the Github page for jQuery Print Preview.
Here is the solution, around line 44 you will see the following code:
// The frame lives
for (var i=0; i < window.frames.length; i++) {
if (window.frames[i].name == "print-frame") {
var print_frame_ref = window.frames[i].document;
break;
}
}
Replace the above code with this:
print_frame_ref = print_frame[0].contentWindow.document;
issue solved.
Here is the error in Chrome, I expect this makes it clear?
Unsafe JavaScript attempt to access frame with URL http://s7.addthis.com/static/r07/sh090.html#iit=1341762779832&tmr=load%3D1341762779182%26core%3D1341762779520%26main%3D1341762779826%26ifr%3D1341762779833&cb=0&cdn=0&chr=UTF-8&kw=&ab=-&dh=www.ubhape2.com&dr=http%3A%2F%2Fstackoverflow.com%2Fquestions%2F11384440%2Ferror-permission-denied-jquery-print-preview&du=http%3A%2F%2Fwww.ubhape2.com%2Ftest-print.html&dt=TEST%20Page&md=0&cap=tc%3D0%26ab%3D0&inst=1&irt=0&jsl=33&lng=en-US&ogt=&pc=men&pub=ra-4dfb00d56c76d2a5&ssl=0&sid=4ff9acdb1a41cc60&srd=0&srf=0.02&srp=0.2&srl=1&srx=1&ver=300&xck=0&xtr=0&og=&rev=114791&ct=1&xld=1&xd=1 from frame with URL http://www.ubhape2.com/test-print.html. Domains, protocols and ports must match.
Your page is located on ww.ubhape2.com and you are accessing a frame on s7.addthis.com
To fix this problem, change this line
<script type="text/javascript" src="https://s7.addthis.com/js/300/addthis_widget.js#pubid=ra-4dfb00d56c76d2a5"></script>
To point to the copied script on your site.
You will also have to edit that script to only access your own site.
This is an example of XSS or cross site scripting.
My question then turns into can I edit the jQuery Print Preview Script
to prevent the conflict from happening?
No.
The point of the error is that the javascript is running in the context of another party, and you can't "inject" your code into it.
This is enforced by the browser.
If it was not enforced then every user on the internet would have had their machines compromised.
Read up on a google search of XSS to find out more
However,
If you host the javascript (and thus the iframe) on your server than the issue goes away. It is your code (and your iframe) to do with as you wish.
I have a standard 3-frame layout; "fnav" on the left, "fheader" at the top and "fcontent" below the header. All files are located locally on the hard drive.
This is the JS function that is throwing the error:
function writeHeaderFrame() {
try {
var headerFrame = window.top.frames['fheader'];
var headerTable = document.getElementById('headerTable');
if (headerFrame && headerTable) {
headerFrame.document.body.style.backgroundColor = "Black";
var headerFrameBody = headerFrame.document.documentElement.childNodes[1];
headerFrameBody.innerHTML = headerTable.innerHTML;
} else if (headerTable) {
// there is a headerTable, but no headerFrame
headerTable.style.display = 'inline' // show the headerTable
}
} catch (e) { alert('from header.js, writeHeaderFrame(): ' + e.message); }
}
Clicking on a link in fnav (or initially loading the frameset) loads content into fcontent, then a JS file in fcontent loads the "header" frame... or it is supposed to, anyway. The Javascript runs fine initially, but whenever a link is clicked I get the following error:
Permission Denied To Get Window.document
I am unable to determine why. Any and all suggestions would be appreciated.
First off, please post the code being run when you click those links, and their html.
secondly, did you have a typo there? Window.document should be window.document, should it? (lowercase w)
Edit response to changes in OP question
Without the html it's a little hard to say, but If I were taking a stab in the dark, I'd say this line:
headerFrame.document.body.style.backgroundColor = "Black";
is causing the error. It looks like headerFrame is on a different domain and you don't, for security reasons, have permission to modify the contents of that frame. Of course, some of the following lines will also have the same issue.
Also see http://userscripts.org/topics/25029 and http://www.webdeveloper.com/forum/showthread.php?t=189515 for similar cases.
Edit 2
From Mozilla Development Center
Note: Firefox 3 alters the security for windows' documents so that only the domain from which it was located can access the document. While this may break some existing sites, it's a move made by both Firefox 3 and Internet Explorer 7, and results in improved security.
(see https://developer.mozilla.org/En/DOM/Window.document)
I would guess you're trying to manipulate the window or document from a different origin. HTML5 (and all modern browsers, even IE :D ) enforce (or attempt to enforce) what is called "The Same-Origin Policy". Basically JS from one origin cannot interact with the DOM of a document or window from a different origin.
What is an origin? At a basic level you could substitute domain for origin and almost be right, but the full set of rules are
You must have the same domain
The same port (eg. code on example.com:80 cannot reference the DOM of a page a example.com:8080)
The same protocol (eg. http://example.com is a different origin from https://example.com)
lastly, redirects also matter so (http://example.com -> http://example.com/?redirect=http://evil.com with the server responding with a 3xx redirect to http://evil.com will result in a different origin)
In all liklihood firefox has merely tightened up one area where they did not apply the same origin policy in the past.
Apparently, the user in question updated his installation without changing the following setting to "false", which allows local documents to have access to all other local documents.
pref("security.fileuri.strict_origin_policy", true);
Which explains why I was unable to duplicate the error on my machine.
Many thanks to all for your assistance.
Have you tried installing Firebug and figuring out which line is throwing the error? I'm guessing that since the question is tagged Firefox you are seeing this occur in it.
It'd be most helpful if you could post a template HTML page using this Javascript.
Is the script/frame pages all on the same domain? If not, this is expected. You can't access window.document from another window if they are not on the same domain.