I'm working on a FireFox extension that uses XMLHttpRequest to grab data from a remote server.
The javascript code is as follows:
function _PostBackObject(data) {
var postBack = new XMLHttpRequest();
postBack.onreadystatechange =
function(){
if (postBack.readyState == 4) {
if (postBack.status == 200) {
// Success
return;
}
_ErrorOccured(postBack.status);
}
};
postBack.open("POST", postBackUrl, true, user, password); //This is line #51
postBack.send(data);
}
I get the following error in the FireFox console:
Error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "chrome://my_ext/content/context.js Line: 51"]
The postBackUrl can be anything (for testing purposes I've been using local machine [127.0.0.1] and a server sitting on my local network [so 192.168.*.*], both on port 8088) as it is user entered.
It looks like I'm tripping over XSS security measures. How would I work around this?
Some additional details:
- FireFox 3.5.3 (it's acceptable to restrict to this and newer)
- Unsigned extension (I would self-sign it, but that's quite a hassle and gains you nothing as far as I can tell)
- I have complete control over the remote server (its a custom setup, not Apache or IIS, written in C# for .NET 3.5)