tags:

views:

468

answers:

3
+2  Q: 

AJAX issues, no response or "access is denied"

What could it mean if I make an ajax request with the jQuery .load() and I get no response at all in firefox or chrome, and in ie8 I get an error saying "Access is Denied"?

+3  A: 

It usually means you are trying to violate the same origin policy and request data from a different host.

David Dorward  2010-02-22 11:44:42
+1  A: 

If you're loading a page that's in a different domain (example: www.yoursite.com and you're trying to load "yoursite.com" or even "google.com"), then you are getting a cross-site-scripting prevention error.

Timothy Khouri  2010-02-22 11:45:30
This is not XSS, which involves Party A tricking Party B into visiting Party C's website using a URL designed to exploit a security hole in Party C's website that allows arbitrary code to be added to it.
David Dorward  2010-02-22 11:47:28
You might want to read the wikipedia article.
Timothy Khouri  2010-02-22 12:16:02
Why, is it wrong? (reads…). No, it backs up what I said. It is about a subset of code injection vulnerabilities, not about browsers stopping authors from making cross domain HTTP requests. An XSS vulnerability would allow the same origin policy to be bypassed — quite the opposite of having a request blocked by the same origin policy!
David Dorward  2010-02-22 12:17:52
@David: You're right, but isn't the policy there to prevent XSS?
Daniel Vassallo  2010-02-22 12:18:35
No. It stops a different kind of attack against a third party site.
David Dorward  2010-02-22 12:20:14
OMFG.*it.never.gets.any.easier!*but, again, thanks guys. Today I've fallen in love with stack overflow. Saved my coding life twice.
David Meister  2010-02-22 12:54:01
yeah, I put in www. in front of my domain and it all worked. Funny that IE is what tipped me off to thinking it might be something outside of my code that was causing the issue.
David Meister  2010-02-22 12:57:12
A: 

try accessing your data through a php proxy like this: http://www.daniweb.com/code/snippet216729.html

with jQuery you can then send a request to your/relative/path/to/proxy.php?proxy_url=http://www.domain.com/yourdata

buggy1985  2010-02-22 12:19:51
Don't use a proxy that doesn't put strict limits on what URIs can be requested. Otherwise you open yourself up as a middleman for attacks of third party sites and for spammers to mask their own URIs with.
David Dorward  2010-02-22 12:22:46
You're right. But you can prevent attacks by checking the URL in your PHP-Script before accessing it.
buggy1985  2010-02-23 14:37:56

related questions

How do HttpOnly cookies work with AJAX requests?
ASP.NET JavaScript Callbacks Without Full PostBacks?
How to set encoding in .getJSON JQuery
Suggestions on Ajax development environment for PHP
Need to test an ajax timeout condition
XmlHttpRequest return values
Adobe AIR: Handling JSON objects from server
Best framework for implementing iGoogle or pageflakes (ASP.NET)
Is there some way to PUSH data from web server to browser?
Are there reasons not to use JSONP for AJA~X requests?
Minimize javascript HTTP calls from AjaxControlToolkit controls?
Only accepting certain ajax requests from authenticated users
ASP.net AJAX Drag/Drop?
Scrolling Overflowed DIVs with JavaScript
Speeding up an ASP.Net Web Site or Application
ICE Faces fileInput file path and file name properties
Ajax project suggestion.
Graphing JavaScript Library
Debugging: IE6 + SSL + AJAX + post form = 404 error
Best ajax library for Sharepoint
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?
What is Progressive Enhancement?
Tracking state using ASP.NET AJAX / ICallbackEventHandler
Easy way to AJAX WebControls
Modify Address Bar URL in AJAX App to Match Current State