views:

24422

answers:

5

How do you get around this Ajax cross site scripting problem on FireFox 3?

+14  A: 

If you're using jQuery it has a callback function to overcome this:

http://docs.jquery.com/Ajax/jQuery.ajax#options

As of jQuery 1.2, you can load JSON data located on another domain if you specify a JSONP callback, which can be done like so: "myurl?callback=?". jQuery automatically replaces the ? with the correct method name to call, calling your specified callback. Or, if you set the dataType to "jsonp" a callback will be automatically added to your Ajax request.

Alternatively you could make your ajax request to a server-side script which does the cross-domain call for you, then passes the data back to your script

Glenn Slaven
works only for json, what if you need xml ?
e-satis
Well that's when you have to use the second option of doing the cross domain call in a server-side script that passes the xml back
Glenn Slaven
A: 

Some more details would be nice: which AJAX library are you using, what would you like to achive, how you do it.

For example it can be a cross-domain Ajax request, which is not allowed. In this case use JSON.

Biri
Sorry, got that error using JQuery $.ajax on FireFox 3. Tried jsonp suggestion but I think that will only work with something that will serve up json. I'm trying to create a sample local html file based mashup that will pull data from Yahoo!Finance, but they are serving .csv, so I think I'm SOL.
Jimmy Chandra
The "magic" that makes it work is the "P" part (padding) of the JSONP, not the JSON per se. With a set service (such as Yahoo, you likely are out of luck) since they won't change their service to make it available to call in that manner.
jeffreypriebe
A: 

I came across this problem recently and it was while I as AJAX loading the local request, not cross site scripting problem. Also, Jimmy himself seems to have the same problem. This seems to be the FF security problem, this article describes the cause and the solution to access to restricted uri denied" code: "1012 problem.

Sorry, got that error using JQuery $.ajax on FireFox 3. Tried jsonp suggestion but I think that will only work with something that will serve up json. I'm trying to create a sample local html file based mashup that will pull data from Yahoo!Finance, but they are serving .csv, so I think I'm SOL. – Jimmy Chandra (Sep 9 at 17:20)

I hope you'll find it useful.

Uzbekjon
+3  A: 

To update the answer (I guess, mostly for my benefit when I come looking for this answer later on), if are loading XML or something else, you can always ask the user if he will allow us to read from another site with this code:

try {
       if (netscape.security.PrivilegeManager.enablePrivilege)
         netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
     } catch (e) { 
       alert("Sorry, browser security settings won't let this program run."); 
       return; 
     }

(from the RESTful web services book) But, this only works in firefox, when the html file is loaded from local file. So, not that useful.

Jose M Vidal
A: 

One more solution: if all you need is the headers, you can specify "HEAD" as the method and it won't trigger the security issue. For instance, if you just want to know if the web page exists.

    var client = new XMLHttpRequest();
    client.open("HEAD", my_url, false);
    client.send(null);
    if(client.readyState != 4 || client.status != 200) //if we failed
      alert("can't open web page");
Eyal