Do Anyone Know About Http Access Control ,(code Is Given Below)

[shobhitjain]

I need to ask some problem regarding http access control.....<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title> <script type="text/javascript"> //<![CDATA[ var invocation = new XMLHttpRequest(); var url = 'http://mysite.com/research/'; var invocationHistoryText; var body = 'q_id=2&g_id=1668293533'; function callOtherDomain(){ if(invocation) { invocation.open('POST', url, true); invocation.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); invocation.setRequestHeader('Content-Type','application/xml'); invocation.onreadystatechange = handler; invocation.send(body); } else { invocationHistoryText = "No Invocation TookPlace At All"; } } function handler(evtXHR) { if (invocation.readyState == 4) { if (invocation.status == 200) { alert(invocation.responseText); } else { alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status); } } else { dump("currently the application is at" + invocation.readyState); } } </script></head><body> <form id="controlsToInvoke" action=""> <p> <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" /> </p> </form> </body></html> Is this code correct, i have just researched this code giving status code 0 and invocation error 4 ,please help

[justsomeguy]

What do you mean it gives invocation error 4? And why are you trying to set 2 content types, which is the right one?

[shobhitjain]

i thought to encode url ....url encode is put by me,,second one is righti dont know ,what does it mean, thats why i asked on this forum

[Synook]

I don't see how this will allow you to access the other domain anyway, because invocation is just an XMLHttpRequest object, no different from your previous code:

var invocation = new XMLHttpRequest();

[shobhitjain]

Hi sir,You are right ,i also could't find any major difference between the previous code,but here the full code which was listed under the code examples of Cross Domain Scripting In firefox<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title> <script type="text/javascript"> //<![CDATA[ var invocation = new XMLHttpRequest(); var url = 'http://aruner.net/resources/access-control-with-post-preflight/'; var invocationHistoryText; var body = '<?xml version="1.0"?><person><name>Arun</name></person>'; function callOtherDomain(){ if(invocation) { invocation.open('POST', url, true); invocation.setRequestHeader('X-PINGARUNER', 'pingpong'); invocation.setRequestHeader('Content-Type', 'application/xml'); invocation.onreadystatechange = handler; invocation.send(body); } else { invocationHistoryText = "No Invocation TookPlace At All"; var textNode = document.createTextNode(invocationHistoryText); var textDiv = document.getElementById("textDiv"); textDiv.appendChild(textNode); } } function handler(evtXHR) { if (invocation.readyState == 4) { if (invocation.status == 200) { var response = invocation.responseText; //var invocationHistory = response.getElementsByTagName('invocationHistory').item(0).firstChild.data; invocationHistoryText = document.createTextNode(response); var textDiv = document.getElementById("textDiv"); textDiv.appendChild(invocationHistoryText); } else { alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status); } } else { dump("currently the application is at" + invocation.readyState); } } //]]> </script></head><body> <form id="controlsToInvoke" action=""> <p> <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" /> </p> </form> <p id="intro"> This page POSTs XML data to another domain using cross-site XMLHttpRequest mitigated by Access Control. This is the preflight scenario and the invocation to a resource on another domain takes place using first an OPTIONS request, then an actual POST request. </p> <div id="textDiv"> This XHTML document POSTs to another resource using cross-site XHR. If you get a response back, the content of that response should reflect what you POSTed. </div></body></html>Shobhit

[Synook]

http://dev.w3.org/2006/waf/access-control/The server has to allow for it, by sending back certain headers. In other words, unless the site you are trying to request has specifically enabled their server to respond with the correct headers it won't work, Firefox or otherwise.

[shobhitjain]

Thanks sir,you are very right that server should enable headers requested by me.

[Synook]

But does the receiving site respond with those headers? Only if the server you are requesting from returns the correct access-control headers, and only if the browser you are using implements XHR2, will this method work. If you have control over the site you are querying you can use a server-side script, for example the PHP header() call, to set them.In other words, this is not something you can use with just any site.On the client, you can check the headers with a tool like Firebug.

[shobhitjain]

Yes ,SirI am checking the headers using firebug. also i have requested admin of the server to provide me correct headers so that i can request in a proper way.I think that firefox implements XHR2

[marryfoxgirl]

Hi Joomies.I have tried to read through the forum with the same subject, but didnt get any closer.I added a menu element in my main menu. The element should have been a link to the UddeIM inbox but right after reloading i got the famous: "Direct Access to this location is not allowed."Tried changing the theme, deleting the component, mod and plugins but no luck

[Synook]

Hi Joomies.I have tried to read through the forum with the same subject, but didnt get any closer.I added a menu element in my main menu. The element should have been a link to the UddeIM inbox but right after reloading i got the famous: "Direct Access to this location is not allowed."Tried changing the theme, deleting the component, mod and plugins but no luck

That doesn't appear to have anything to do with access-control or XHR2, this seems to be a good article describing the issue: http://www.mydigitallife.info/2007/11/30/j...-allowed-error/.