shobhitjain Posted November 9, 2009

I need to ask about a problem regarding HTTP access control.

```html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title>
  <script type="text/javascript">
  //<![CDATA[
    var invocation = new XMLHttpRequest();
    var url = 'http://mysite.com/research/';
    var invocationHistoryText;
    var body = 'q_id=2&g_id=1668293533';

    function callOtherDomain() {
      if (invocation) {
        invocation.open('POST', url, true);
        invocation.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
        invocation.setRequestHeader('Content-Type', 'application/xml');
        invocation.onreadystatechange = handler;
        invocation.send(body);
      } else {
        invocationHistoryText = "No Invocation TookPlace At All";
      }
    }

    function handler(evtXHR) {
      if (invocation.readyState == 4) {
        if (invocation.status == 200) {
          alert(invocation.responseText);
        } else {
          alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status);
        }
      } else {
        dump("currently the application is at" + invocation.readyState);
      }
    }
  //]]>
  </script>
</head>
<body>
  <form id="controlsToInvoke" action="">
    <p>
      <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" />
    </p>
  </form>
</body>
</html>
```

Is this code correct? I have just researched this; the code is giving status code 0 and invocation error 4. Please help.

justsomeguy Posted November 9, 2009

What do you mean it gives invocation error 4? And why are you trying to set 2 content types? Which is the right one?

shobhitjain Posted November 9, 2009 (Author)

I thought to encode the URL... the URL-encoded one was put in by me; the second one is right. I don't know what it means, that's why I asked on this forum.

Synook Posted November 9, 2009

I don't see how this will allow you to access the other domain anyway, because invocation is just an XMLHttpRequest object, no different from your previous code:

```js
var invocation = new XMLHttpRequest();
```

shobhitjain Posted November 10, 2009 (Author)

Hi sir,

You are right, I also couldn't find any major difference from the previous code, but here is the full code which was listed under the code examples of Cross Domain Scripting in Firefox:

```html
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title>
  <script type="text/javascript">
  //<![CDATA[
    var invocation = new XMLHttpRequest();
    var url = 'http://aruner.net/resources/access-control-with-post-preflight/';
    var invocationHistoryText;
    var body = '<?xml version="1.0"?><person><name>Arun</name></person>';

    function callOtherDomain() {
      if (invocation) {
        invocation.open('POST', url, true);
        invocation.setRequestHeader('X-PINGARUNER', 'pingpong');
        invocation.setRequestHeader('Content-Type', 'application/xml');
        invocation.onreadystatechange = handler;
        invocation.send(body);
      } else {
        invocationHistoryText = "No Invocation TookPlace At All";
        var textNode = document.createTextNode(invocationHistoryText);
        var textDiv = document.getElementById("textDiv");
        textDiv.appendChild(textNode);
      }
    }

    function handler(evtXHR) {
      if (invocation.readyState == 4) {
        if (invocation.status == 200) {
          var response = invocation.responseText;
          //var invocationHistory = response.getElementsByTagName('invocationHistory').item(0).firstChild.data;
          invocationHistoryText = document.createTextNode(response);
          var textDiv = document.getElementById("textDiv");
          textDiv.appendChild(invocationHistoryText);
        } else {
          alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status);
        }
      } else {
        dump("currently the application is at" + invocation.readyState);
      }
    }
  //]]>
  </script>
</head>
<body>
  <form id="controlsToInvoke" action="">
    <p>
      <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" />
    </p>
  </form>
  <p id="intro">
    This page POSTs XML data to another domain using cross-site XMLHttpRequest mitigated by Access Control. This is the preflight scenario and the invocation to a resource on another domain takes place using first an OPTIONS request, then an actual POST request.
  </p>
  <div id="textDiv">
    This XHTML document POSTs to another resource using cross-site XHR. If you get a response back, the content of that response should reflect what you POSTed.
  </div>
</body>
</html>
```

Shobhit

Synook Posted November 10, 2009

http://dev.w3.org/2006/waf/access-control/

The server has to allow for it, by sending back certain headers. In other words, unless the site you are trying to request has specifically enabled their server to respond with the correct headers it won't work, Firefox or otherwise.

shobhitjain Posted November 10, 2009 (Author)

Thanks sir, you are very right that the server should enable the headers requested by me.

Synook Posted November 10, 2009

But does the receiving site respond with those headers? Only if the server you are requesting from returns the correct access-control headers, and only if the browser you are using implements XHR2, will this method work. If you have control over the site you are querying you can use a server-side script, for example the PHP header() call, to set them.

In other words, this is not something you can use with just any site.

On the client, you can check the headers with a tool like Firebug.

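The server side of what Synook describes, as an added example that is not code from the thread or from any site named in it: the preflight OPTIONS and the following POST are answered with access-control headers only for an allowlisted origin, method and header set. The origin `http://client.example`, the function names and the 600-second max-age are assumptions.

```javascript
// Added example: CORS decision for the preflighted POST discussed above.
// ALLOWED_ORIGINS is a constructed value; replace it with the real client origin.
const ALLOWED_ORIGINS = new Set(['http://client.example']);
const ALLOWED_METHODS = ['POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['content-type', 'x-pingaruner'];

// Decide which access-control headers to send. Without
// Access-Control-Allow-Origin the browser blocks the response and the
// XHR ends at readyState 4 with status 0.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  const base = { 'Vary': 'Origin' }; // keep caches from mixing origins
  const preflight = method === 'OPTIONS';
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { preflight, allowed: false, headers: base };
  }
  const grant = { ...base, 'Access-Control-Allow-Origin': origin };
  if (!preflight) {
    return { preflight, allowed: ALLOWED_METHODS.includes(method), headers: grant };
  }
  // Preflight: check the method and headers the browser announces.
  const wantMethod = reqHeaders['access-control-request-method'];
  const wantHeaders = (reqHeaders['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantMethod) &&
    wantHeaders.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { preflight, allowed: false, headers: base };
  return {
    preflight, allowed: true,
    headers: {
      ...grant,
      'Access-Control-Allow-Methods': ALLOWED_METHODS.join(', '),
      'Access-Control-Allow-Headers': ALLOWED_HEADERS.join(', '),
      'Access-Control-Max-Age': '600',
    },
  };
}

// Node-style handler: http.createServer(handle). Node lowercases the
// incoming header names, which corsDecision relies on. Requests without
// an allowlisted Origin are refused with 403.
function handle(req, res) {
  const d = corsDecision(req.method, req.headers);
  for (const [k, v] of Object.entries(d.headers)) res.setHeader(k, v);
  if (d.preflight) res.statusCode = d.allowed ? 204 : 403;
  else res.statusCode = d.allowed ? 200 : 403;
  res.end(d.preflight || !d.allowed ? '' : 'ok');
}
```

The origin is echoed back only after an exact allowlist match rather than answered with `*`, so other sites' pages still get no readable response.
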
shobhitjain Posted November 10, 2009 (Author)

Yes, sir.

I am checking the headers using Firebug. Also, I have requested the admin of the server to provide me the correct headers so that I can request in a proper way. I think that Firefox implements XHR2.

marryfoxgirl Posted November 20, 2009

Hi Joomies.

I have tried to read through the forum with the same subject, but didn't get any closer. I added a menu element in my main menu. The element should have been a link to the UddeIM inbox, but right after reloading I got the famous: "Direct Access to this location is not allowed."

Tried changing the theme, deleting the component, mod and plugins but no luck.

Synook Posted November 20, 2009

That doesn't appear to have anything to do with access-control or XHR2; this seems to be a good article describing the issue: http://www.mydigitallife.info/2007/11/30/j...-allowed-error/.

This topic is now archived and is closed to further replies.