HTTPRequest and Same Origin Policy

R

Randy Webb

Is the HTTPRequest Object in IE limited to the Same Origin Policy when
run from a webserver?
<URL: http://www.hikksworld.com/HTTPRequestIE.html />
When run in IE, throws a "Permission Denied" error. When I run that page
locally, it works without errors. Which leads me to believe that its
Same Origin Policy coming in, since I can give it www.hikksworld.com
instead of www.google.com and it works from the server.
Or, is it just something that I am missing that would allow it to "work"
in IE from the server?

The Mozilla version I have, works locally or from the server.
<URL: http://www.hikksworld.com/HTTPRequestMoz.html />
It doesn't matter (once I give permission) in Mozilla what file I want
to read, it reads it.
 
M

Martin Honnen

Randy said:
Is the HTTPRequest Object in IE limited to the Same Origin Policy when
run from a webserver?
<URL: http://www.hikksworld.com/HTTPRequestIE.html />
When run in IE, throws a "Permission Denied" error. When I run that page
locally, it works without errors. Which leads me to believe that its
Same Origin Policy coming in, since I can give it www.hikksworld.com
instead of www.google.com and it works from the server.
Or, is it just something that I am missing that would allow it to "work"
in IE from the server?

The Mozilla version I have, works locally or from the server.
<URL: http://www.hikksworld.com/HTTPRequestMoz.html />
It doesn't matter (once I give permission) in Mozilla what file I want
to read, it reads it.
Click to expand...


Your Mozilla version only throws errors for me with Netscape 7.1, and
looking at the code it appears you expect people to have codebased
principals enabled as otherwise the
netscape.security.PrivilegeManager.enablePrivilege call will simply fail
in a page loaded via http.

So both Mozilla and IE have the same origin policy for XMLHttpRequest
respectively Msxml2.XMLHTTP, with Netscape you need to successfully
request the privilege to be able to access files from other domains, and
IE can be configured to allow that in the security settings for the
internet zone, there is an option to allow access to data sources across
domains that can be enabled in general or set to prompt the user to
allow the access.
 
R

Randy Webb

Martin said:
Your Mozilla version only throws errors for me with Netscape 7.1, and
looking at the code it appears you expect people to have codebased
principals enabled as otherwise the
netscape.security.PrivilegeManager.enablePrivilege call will simply fail
in a page loaded via http.

So both Mozilla and IE have the same origin policy for XMLHttpRequest
respectively Msxml2.XMLHTTP, with Netscape you need to successfully
request the privilege to be able to access files from other domains, and
IE can be configured to allow that in the security settings for the
internet zone, there is an option to allow access to data sources across
domains that can be enabled in general or set to prompt the user to
allow the access.
Click to expand...

Many thanks Martin. When I first wrote that page, it was mostly for
personal use and a learning experience. Now, its on to learn how to do
that in PHP :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Same origin policy in IE ! 4
Same Origin Policy -- clarifications? 2
is IE6 violating the same-origin policy? 2
question about "same origin policy" 4
Is it possible to program a peer-to-peer network where you can customize your own client and server IP addresses? like radios on the same Hz 1
Disabling same origin policy on a per-site basis 0
java.security.manger policy question 4
Java UDP Socket Policy Files 0

Members online

Total: 16 (members: 2, guests: 14)
Robots: 213

Forum statistics

Threads
473,764
Messages
2,569,567
Members
45,041
Latest member
RomeoFarnh

Latest Threads

Top