views:

472

answers:

1

Hi, I am trying to create a website where I host my data on google spreadsheets, and show data to the user in his browser using dojo.

However, I am getting the error

Access to restricted URI denied" code: "1012

when the browser encounters:

var stateStore = new dojox.data.CsvStore(
{url: "http://spreadsheets.google.com/pub?key=p0jvMlPF5YqcUllrbwZzQBg&output=csv&gid=0", 
label: "name"});

while replacing it with a locally stored copy of the same CSV works fine.

From what my google searches told me, this is due to security restrictions in modern browsers which try to protect you from cross-site scripting attack. Of course, I would like some way to be able to "whitelist" this domain for the purpose of my page.

Any suggestions?

The Full HTML Code is

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <style type="text/css">
        @import "dojo-release-1.2.3/dijit/themes/tundra/tundra.css";
        @import "dojo-release-1.2.3/dojo/resources/dojo.css"
    </style>
    <script type="text/javascript" src="dojo-release-1.2.3/dojo/dojo.js"
         djConfig="parseOnLoad:true, isDebug: true"></script>
    <script>
     dojo.require("dojox.data.CsvStore");
     dojo.require("dijit.Tree");
     dojo.require("dojo.parser");
    </script>
    <script type="text/javascript">
     var stateStore = new dojox.data.CsvStore({url: "http://spreadsheets.google.com/pub?key=p0jvMlPF5YqcUllrbwZzQBg&amp;output=csv&amp;gid=0", label: "name"});
//   var stateStore = new dojox.data.CsvStore({url: "states.csv", label: "name"});
    </script>


</head>
<body class="tundra">
<!--    <div dojoType="dojox.data.CsvStore" url="http://spreadsheets.google.com/pub?key=p0jvMlPF5YqcUllrbwZzQBg&amp;output=csv&amp;gid=0" jsid="stateStore" /> -->
    <div dojoType="dijit.Tree" store="stateStore" labelAttr="name" label="States"></div>
</body>
</html>

Thanks in advance, Animesh

+2  A: 

Same origin policy.

The domain used to access the page must match the domain requested. So, you can't access spreadsheets.google.com from somewhere else using JavaScript solely.

The workaround that I hear about most is a cross-domain proxy -- a server-side script that GETs (or POSTs) to another domain and echoes the results back to JavaScript.

Jonathan Lonowski