Jump to content

Do Anyone Know About Http Access Control ,(code Is Given Below)


shobhitjain
 Share

Recommended Posts

I need to ask some problem regarding http access control.....<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title> <script type="text/javascript"> //<![CDATA[ var invocation = new XMLHttpRequest(); var url = 'http://mysite.com/research/'; var invocationHistoryText; var body = 'q_id=2&g_id=1668293533'; function callOtherDomain(){ if(invocation) { invocation.open('POST', url, true); invocation.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); invocation.setRequestHeader('Content-Type','application/xml'); invocation.onreadystatechange = handler; invocation.send(body); } else { invocationHistoryText = "No Invocation TookPlace At All"; } } function handler(evtXHR) { if (invocation.readyState == 4) { if (invocation.status == 200) { alert(invocation.responseText); } else { alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status); } } else { dump("currently the application is at" + invocation.readyState); } } </script></head><body> <form id="controlsToInvoke" action=""> <p> <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" /> </p> </form> </body></html> Is this code correct, i have just researched this code giving status code 0 and invocation error 4 ,please help

Edited by Shobit
Link to comment
Share on other sites

I don't see how this will allow you to access the other domain anyway, because invocation is just an XMLHttpRequest object, no different from your previous code:

var invocation = new XMLHttpRequest();

Link to comment
Share on other sites

Hi sir,You are right ,i also could't find any major difference between the previous code,but here the full code which was listed under the code examples of Cross Domain Scripting In firefox<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>Simple use of Cross-Site XMLHttpRequest (Using Access Control)</title> <script type="text/javascript"> //<![CDATA[ var invocation = new XMLHttpRequest(); var url = 'http://aruner.net/resources/access-control-with-post-preflight/'; var invocationHistoryText; var body = '<?xml version="1.0"?><person><name>Arun</name></person>'; function callOtherDomain(){ if(invocation) { invocation.open('POST', url, true); invocation.setRequestHeader('X-PINGARUNER', 'pingpong'); invocation.setRequestHeader('Content-Type', 'application/xml'); invocation.onreadystatechange = handler; invocation.send(body); } else { invocationHistoryText = "No Invocation TookPlace At All"; var textNode = document.createTextNode(invocationHistoryText); var textDiv = document.getElementById("textDiv"); textDiv.appendChild(textNode); } } function handler(evtXHR) { if (invocation.readyState == 4) { if (invocation.status == 200) { var response = invocation.responseText; //var invocationHistory = response.getElementsByTagName('invocationHistory').item(0).firstChild.data; invocationHistoryText = document.createTextNode(response); var textDiv = document.getElementById("textDiv"); textDiv.appendChild(invocationHistoryText); } else { alert("Invocation Errors Occured " + invocation.readyState + " and the status is " + invocation.status); } } else { dump("currently the application is at" + invocation.readyState); } } //]]> </script></head><body> <form id="controlsToInvoke" action=""> <p> <input type="button" value="Click to Invoke Another Site" onclick="callOtherDomain()" /> </p> </form> <p id="intro"> This page POSTs XML data to another domain using cross-site XMLHttpRequest mitigated by Access Control. This is the preflight scenario and the invocation to a resource on another domain takes place using first an OPTIONS request, then an actual POST request. </p> <div id="textDiv"> This XHTML document POSTs to another resource using cross-site XHR. If you get a response back, the content of that response should reflect what you POSTed. </div></body></html>Shobhit

Link to comment
Share on other sites

http://dev.w3.org/2006/waf/access-control/The server has to allow for it, by sending back certain headers. In other words, unless the site you are trying to request has specifically enabled their server to respond with the correct headers it won't work, Firefox or otherwise.
Link to comment
Share on other sites

But does the receiving site respond with those headers? Only if the server you are requesting from returns the correct access-control headers, and only if the browser you are using implements XHR2, will this method work. If you have control over the site you are querying you can use a server-side script, for example the PHP header() call, to set them.In other words, this is not something you can use with just any site.On the client, you can check the headers with a tool like Firebug.

Edited by Synook
Link to comment
Share on other sites

  • 2 weeks later...

Hi Joomies.I have tried to read through the forum with the same subject, but didnt get any closer.I added a menu element in my main menu. The element should have been a link to the UddeIM inbox but right after reloading i got the famous: "Direct Access to this location is not allowed."Tried changing the theme, deleting the component, mod and plugins but no luck

Link to comment
Share on other sites

Hi Joomies.I have tried to read through the forum with the same subject, but didnt get any closer.I added a menu element in my main menu. The element should have been a link to the UddeIM inbox but right after reloading i got the famous: "Direct Access to this location is not allowed."Tried changing the theme, deleting the component, mod and plugins but no luck
That doesn't appear to have anything to do with access-control or XHR2, this seems to be a good article describing the issue: http://www.mydigitallife.info/2007/11/30/j...-allowed-error/.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...