How do you get around this Ajax cross site scripting problem on FireFox 3?
If you're using jQuery it has a callback function to overcome this:
http://docs.jquery.com/Ajax/jQuery.ajax#options
As of jQuery 1.2, you can load JSON
data located on another domain if you
specify a JSONP callback, which can be
done like so: "myurl?callback=?".
jQuery automatically replaces the ?
with the correct method name to call,
calling your specified callback. Or,
if you set the dataType to "jsonp" a
callback will be automatically added
to your Ajax request.
Alternatively you could make your ajax request to a server-side script which does the cross-domain call for you, then passes the data back to your script
To update the answer (I guess, mostly for my benefit when I come looking for this answer later on), if are loading XML or something else, you can always ask the user if he will allow us to read from another site with this code:
try {
if (netscape.security.PrivilegeManager.enablePrivilege)
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) {
alert("Sorry, browser security settings won't let this program run.");
return;
}
(from the RESTful web services book) But, this only works in firefox, when the html file is loaded from local file. So, not that useful.
One more solution: if all you need is the headers, you can specify "HEAD" as the method and it won't trigger the security issue. For instance, if you just want to know if the web page exists.
var client = new XMLHttpRequest();
client.open("HEAD", my_url, false);
client.send(null);
if(client.readyState != 4 || client.status != 200) //if we failed
alert("can't open web page");
Some more details would be nice: which AJAX library are you using, what would you like to achive, how you do it.
For example it can be a cross-domain Ajax request, which is not allowed. In this case use JSON.
I came across this problem recently and it was while I as AJAX loading the local request, not cross site scripting problem. Also, Jimmy himself seems to have the same problem. This seems to be the FF security problem, this article describes the cause and the solution to access to restricted uri denied" code: "1012 problem.
Sorry, got that error using JQuery
$.ajax on FireFox 3. Tried jsonp
suggestion but I think that will only
work with something that will serve up
json. I'm trying to create a sample
local html file based mashup that will
pull data from Yahoo!Finance, but they
are serving .csv, so I think I'm SOL.
– Jimmy Chandra (Sep 9 at 17:20)
I hope you'll find it useful.
Related
I want to send a POST request with an Electron webview from the outer script. At the moment I just set the src attribute to trigger a page load, which sends a GET request:
<webview id="view">
<script>
document.getElementById('view').setAttribute('src', 'http://example.com/?foo=bar');
</script>
Is there any way to navigate the webview to a URL by sending a POST request? Maybe a method of the webview, instead of just hacking with the src?
You can execute arbitrary code from within the webview context with .executeJavaScript.
Moreover your code has access to all browser built-in apis. Easiest would be to use fetch, with method set to post.
In your case (provided the webview has been already loaded; for example its .src has been set):
document.getElementById('view')
.executeJavaScript('fetch("http://example.com/?foo=bar", {method: "post"});');
Some remarks:
The origin of the request is controlled by .src of the webview.
It seems that all default security policy are still used by webview - specifically you cannot make calls to http: from https:.
It is bit painful to pass code as a string.
Now there is a new <webview>.loadURL() method with a postData option in the docs. I haven't used it yet but it looks exactly like what I was looking for in the past.
It seems they added it as a feature in the meantime.
Basically, Webview element does not have a property like "method" of Form so you can not specify a particular HTTP method for its request. I recommend you to use AngularJS or any other JS frameworks to archive your purpose.
I found two workaround since <webview> does not seem to currently have any way to send a POST request.
Maybe the site you're using will let you send the form as a GET by adding any form elements to the URL's query string. It turns out the site I was using did allow this and I wouldn't've guessed had I not actually tried.
You might be able to send a POST manually through AJAX/fetch etc then replace the HTML of the page in the webview with the HTML returned by your manual POST. You can achieve this using .executeJavaScript() and/or Electron's IPC.
Neither workaround will work in every case. It might be worth filing a feature request with the Electron team too...
So I just went ahead and submitted a feature request. You can follow it here: https://discuss.atom.io/t/add-http-post-method-to-webview/29702
I am doing a jquery.ajax() call on one of our pages to fetch a small text file. I see some of the requests (not all) fail with resp.statusText: "No Transport" and resp.status : 0
What does the error mean (No Transport with a resp code of 0). Strangely it works on some browsers, and doesn't work on some. I couldn't find a patter by looking at the user agents of browsers, where it failed.
Any help would be highly appreciated. I am a beginner to javascript and jquery library, let me know if I omitted crucial information.
My use case:
abc.mydomain.com contains jquery.ajax(url:xyz.mydomain.com) call
Most likely it prevents you from firing a request because it things you are trying to access another domain. xyz.mydomain.com !== mydomain.com.
Why that is not allowed?
Read
Use a Web Proxy for Cross-Domain XMLHttpRequest Calls
Why the cross-domain Ajax is a security concern?
An example to why this is a security issue, assume you installed a bad plugin to your browser. If that plugin got the permission, it can read all loaded files to your browser and be able to edit/change/inject content and codes. Then it might send all collected data to designer own server.
... The most common business needs that are easily accomplished with browser plug-ins are: modify default search, add side frames, inject new content into existing webpage ...more
A good practice is to fetch the data thru ajax via JSON, if you are trying to access another site beside the one the script is calling from, then use JSON-P.
Read
JSON-P
JSON-P call to subdomain
Chrome ajax call to subdomain
A common architecture is to call the current domain that the script is loaded from, then use server script to fetch data from the other domain where the other domain will response to the request and return the data.
A code snippets of your function will help us understand your issue more.
I am trying to implement a simple request to Wikipedia's API using AJAX (XMLHttpRequest). If I type the url in the address bar of Firefox, I get a neat XML, no sweat there. Yet, calling the exact same url with:
// this is my XMLHttpRequest object
httpObjectMain.open("GET", "http://en.wikipedia.org/w/api.php?action=query&format=xml&prop=langlinks&lllimit=500&titles=kaas", true);
httpObjectMain.send(null);
returns an empty response. According to FireBug, I get a 200 OK response, but the content is just empty.
I suspect I might be missing something on the header of the GET http request.
Help! (and thanks!)
The Wikipedia API does support JSONP.
Your query string'll become something like this:
http://en.wikipedia.org/w/api.php?action=query&format=json&callback=test&prop=langlinks&lllimit=500&titles=kaas
But you'll have to build the jsonp handler (or you can use your favorite library to do it), switch to json output format from the xml you choose and create the callback function to parse the result and do the stuff you need on the page.
The browser will not allow you to send an XHR to another domain other than the one the page is on. This is for security purposes.
One way around this that I have seen is to setup a proxy on the domain the page is hosted on that will pass requests through to the actual api server. See http://ajaxpatterns.org/Cross-Domain_Proxy
I want to post some data via javascript to another domain. Something like:
http://www.othersite.com/submitfunnyname?name=blah
The other site (othersite.com) has a REST interface that you can call (well actually this is a get example) to submit a funny name to them.
Can I do this already with javascript? I'm a little confused on this - I know if that service wants to return some data, I'd need to use something like JSON-P - even though here I'm submitting some data, I guess the service will return some message structure letting me know the result, so it would have to be JSON-P, right?
Thanks
Not a particular expert in JavaScript, but isn't this an example of "cross-site scripting", which is not allowed due to possible security threats?
I believe you need to have all HTTP calls being made to the same server domain as the page. You could have a handler on your own site pass the information on to the othersite.com.
You can either use JSON-P if the site supports it, or you can use your web server as a proxy - by making requests to your server, which will in turn use a library such as cURL to make the actual request to the remote site.
Alright, so I'm building a web app that provides music information (i.e. info on artists, albums, songs, etc.) and for the info source I'm using the MusicBrainz API.
Now, I'm trying to load the data from an API call and process it, with jQuery. This is the code I'm using:
Code:
queryString="http://musicbrainz.org/ws/1/artist/?type=xml&name="+qry+"&limit=10";
$.ajax({url: queryString, dataType: ($.browser.msie) ? "text" : "xml", success: function(data){
alert("success");
var xml;
if (typeof data == "string") {
xml = new ActiveXObject("Microsoft.XMLDOM");
xml.async = false;
xml.loadXML(data);
} else {
xml = data;
};
...
With 'queryString' being the URL string for the request, and then I'd proceed to read the data out of the 'xml' object. Fairly simple.
However, this is where problems arise. The code works flawlessly when running locally on my computer, but does not work at all when I upload everything to my web server and try to run it there. I did some reading and have discovered that AJAX calls can't be made across different domains, due to security issues.
So I've read through numerous solutions, but almost all require either something with PHP (which I have absolutely NO knowledge of) or grabbing the data in JSON format (which apparently isn't subject to the same security restrictions). However, my main problem is that the MusicBrainz API does not return data in JSON format (in fact the only format it returns is XML).
So in any event, I was basically just wondering if anyone could give me some help or pointers on if and how I could grab that remote XML file using only JS/jQuery. Or, point me toward another method that could be accomplished by a complete PHP noob like myself.
Thanks for any help!
You require something on your server side to proxy your request to that other server. A URL that looks like:
/proxy?url=http%3A//musicbrainz.org/ws/1/artist/%3Ftype%3Dxml%26name%3Dexample%26limit%3D10
If PHP is available on your server, you can Google to find a generic PHP proxy script.
EDIT Here is an example of very simple PHP script that will retrieve a specified URL:
<?php readfile($_GET['url']) ?>
Note that you won't be able to POST any data to it, or specify a Content-Type. This is the most basic proxy required for very basic needs.
I understand that JSON is not an option right now but still, here is the explanation of why it can work for cross domain requests.
JSON being Javascript, it can be queried using the <script> tag instead of XMLHttpRequest. Since the <script> tag does not have the same restriction for cross domain request, it is possible to retrieve the JSON content this way.
This technique is called JSONP and is implemented in jQuery in the getJSON function.
If you don't want to setup your own proxy server, check out my response here: use jsonp to get xml cross domain