XMLHttpRequest over SSL from Firefox extension

Question

Hi there,

I'm going to develop a firefox extension which makes an XMLHttpRequest to this WebService.

I can query the service correctly with the following code (from the overlay.js):

var req = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:dat=\"http://webservice.whereisnow.com/datatypes\"&gt;&lt;soapenv:Header/&gt;&lt;soapenv:Body&gt;&lt;dat:CurrentDocument&gt;&lt;dat:applicationId&gt;1&lt;/dat:applicationId&gt;&lt;dat:publisherId&gt;84&lt;/dat:publisherId&gt;&lt;dat:documentId&gt;8&lt;/dat:documentId&gt;&lt;dat:versionId&gt;1&lt;/dat:versionId&gt;&lt;/dat:CurrentDocument&gt;&lt;/soapenv:Body&gt;&lt;/soapenv:Envelope&gt;";
var xmlhttpreq =  Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Components.interfaces.nsIXMLHttpRequest);

xmlhttpreq.open("POST","https://www.whereisnow.com/webservice",false); // false = async
xmlhttpreq.channel.loadFlags |= Components.interfaces.nsIRequest.LOAD_BYPASS_CACHE;      
xmlhttpreq.send(req);
if (xmlhttpreq.readyState == 4){ 
   if(xmlhttpreq.status == 200)
      alert(xmlhttpreq.responseText);
   else
      alert("Error: xmlhttpreq.status = " + xmlhttpreq.status)
   }
else
   alert("Not ready: xmlHttpreq.readyState = " + xmlHttpreq.readyState);

The responseText will be a valid xml that I can manipulate, but the WebService can be accessed both via http and https (SSL), and I MUST do it over https because authentication is required to do some stuff.

In order to access via https I MUST modify the endpoint using https:// instead of http:// and the request xml in this way:

var req = "<soapenv:Envelope xmlns:dat=\"http://webservice.whereisnow.com/datatypes\" xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"&gt;&lt;soapenv:Header&gt;&lt;wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\"&gt;&lt;wsse:UsernameToken wsu:Id=\"UsernameToken-1\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\"&gt;&lt;wsse:Username&gt;MY_USERNAME&lt;/wsse:Username&gt;&lt;wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\"&gt;SHA1_OF_MY_PASSWORD&lt;/wsse:Password&gt;&lt;/wsse:UsernameToken&gt;&lt;/wsse:Security&gt;&lt;/soapenv:Header&gt;&lt;soapenv:Body&gt;&lt;dat:CurrentDocument&gt;&lt;dat:applicationId&gt;1&lt;/dat:applicationId&gt;&lt;dat:publisherId&gt;84&lt;/dat:publisherId&gt;&lt;dat:documentId&gt;10&lt;/dat:documentId&gt;&lt;dat:versionId&gt;1&lt;/dat:versionId&gt;&lt;/dat:CurrentDocument&gt;&lt;/soapenv:Body&gt;&lt;/soapenv:Envelope&gt;";

The problem is that the server status is always 500 and the responseText is always this:

<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"&gt;&lt;soapenv:Body&gt;&lt;soapenv:Fault&gt;&lt;faultcode&gt;soapenv:Server&lt;/faultcode&gt;&lt;faultstring&gt;InvalidSecurity&lt;/faultstring&gt;&lt;detail&gt;&lt;/detail&gt;&lt;/soapenv:Fault&gt;&lt;/soapenv:Body&gt;&lt;/soapenv:Envelope&gt;

Any help?

---

EDIT

With the code found at this url I discovered that the SSL certificate of the service is correctly working. So I think the problem isn't about https...

Answer 1

solved adding the following lines after the open(...):

xmlhttpreq.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
xmlhttpreq.setRequestHeader("SOAPAction", "whereIsNow");