same-origin-policy

How to solve JavaScript origin problem with an application and static file server

In a system that I'm building I want to serve Static files (static HTML pages and a lot of images), and Dynamic XML generated by my servlet. The dynamic XML is generated from my database (through Hibernate) and I use Restlets to serve it in response to API calls. I want to create a static file server (e.g. Apache) so that this does n...

jQuery - intercept links clicked inside an iframe

Hi, I am trying to intercept links clicked on a page including those inside an iframe. This is the code that I have but it is not working. Any ideas what I need to do? $("#container").delegate('a', 'click', function(e){ //do stuff } Container is the id of the div just inside the iframe. Thanks in advance for any advice ...

Browser for cross-site-script testing (for testing Mozilla Add-On)

I am working on a Firefox extension that will involve ajax calls to domains that would normally fail due to the same-origin policy set by Firefox (and most modern browsers). I was wondering if there is a way to either turn off the same-origin restriction (in about:config, perhaps) or if there was a standard lite-browser that developers ...

SVG with external images doesn't load them when embedded with <img> tag in browsers

I made the following observation: If I create an svg image that references an external raster image via xlink:href and try to load the svg in browsers, the external images are only shown if I use the <object> tag, but not when using the <img> tag. Rendering with the <object> tag is quite slow and not as clean as using the img tag for i...

Can I use jQuery ajax in a SharePoint WebPart without having to worry about the same origin policy?

My current project for work involves developing a SharePoint 2007 WebPart which will be deployed by our clients. To provide a better user experience, I am "simulating" ajax via setting the SRC attribute of an IFRAME to be the address of an HTTP handler. These handlers are deployed to the layouts directory in the 12 hive. Although this w...

javascript to determine if page on remote domain has changed

Hi, I am trying to find a client-side way to determine if a page on a remote domain has changed. I can't load the page in an iframe and examine its contents due to same origin policy. So I tried using .getResponseHeader("Content-Length") and .getResponseHeader("Last-Modified") but apparently these are also restricted by SOP even tho...

Can I grant explicit Javascript methods to a different-host iframe?

I'm thinking about a system in which I allow users to create Javascript-empowered widgets for other users to embed in their dashboard on my website. I'd like to limit these widgets fairly strictly, so each would exist as an iframe kept on its own unique hostname: the widget with ID #47 would be accessible at w47.widgets.example.com, for ...

Ways to circumvent the same-origin policy

The same origin policy I wanted to make a community wiki regarding HTML/JS same-origin policies to hopefully help anyone searching for this topic. This is one of the most searched-for topics on SO and there is no consolidated wiki for it so here I go :) The same origin policy prevents a document or script loaded from one origin ...

What's the point of the Anti-Cross-Domain policy?

Why did the creators of the HTML DOM and/or Javascript decide to disallow cross-domain requests? I can see some very small security benefits of disallowing it but in the long run it seems to be an attempt at making Javascript injection attacks have less power. That is all moot anyway with JSONP, it just means that the javascript code is...

Why are AJAX requests limited to same domain?

Something I find really confusing, is why are ajax requests limited to the same domain? What is the reasoning behind this? I don't see any problem with requesting files from external locations, also servers making XMLHTTP requests seem to get and post to external locations fine. ...

jQuery .load() call doesn't work in Firefox - why?

I'm a newbie programmer working with jQuery and wonder if anyone can help me out. Essentially, I've created some html for a social button's section on our articles. I've uploaded that with the aim of using jQuery's .load() function to pull it into every article. It works in IE7, but not in Firefox or Chrome. Can anyone help fix it? <...

postMessage doesn't work in GreaseMonkey because it cannot access contentWindow property on cross-domain iframe but in pure Firefox it will work

Here is a bunch of code isolating this problem: create 3 files on a local server: test.html <SCRIPT language="JavaScript" SRC="http://localhost/postmsg.js"></SCRIPT> <iframe src="http://127.0.0.1/iframe.htm" id="iframe"></iframe> <div>Click anywhere on this page to see message from embedded iframe, which do not need to be on ...

Can Java Applets access external sources when given permission by the user?

I'd like to create a service where people can enter external websites, after which the returned source will be modified by my application (for whatever purpose) and then returned to the user. One would normally redirect all traffic through the server, so that the server is the one accessing the external source. This is because HTML5 and...

Same Origin Policy and Web Services

If I have a WCF SOAP (C#) based web service running in my local IIS - and I make an ASP.net website, again running in my local IIS - will the javascript making HTTP request calls from my webpage be successful? Or do the same origin policy rules come into play here? ...

How can Google Data js-client access feeds without any same-origin-policy issue?

I've been reading about the JavaScript Client Library for Google Data Protocol and it seems that it can access any Google service that has a proper interface (Docs, Spreadsheets, Calendar etc.) If I use this client in my own application hosted on my own domain, how does the js client library get around the same-origin-policy that seems ...

Is there a way to bypass Javascript / jQuery's same origin policy for local access?

Trying to use ajax, getJSON, and functions like that to fetch an external URL from a local (non-server) development computer. Is there a way to bypass the same origin policy, so that I can test locally, instead of having to upload to a server? ...

Accessing a file in another server from GWT Client side

I have a file, sample.xml located at one web server. I want to access this file from a GWT application running at another server. I don't want to make RPC calls to the same server serving GWT application and access the required file on server side (like a proxy). I want to access the file directly from client side as my application is goi...

SOP issue behind reverse proxy

I've spent the last 5 months developing a gwt app, and it's now become time for third party people to start using it. In preparation for this one of them has set up my app behind a reverse proxy, and this immediately resulted in problems with the browser's same origin policy. I guess there's a problem in the response headers, but I can't...

Same Origin Policy - AJAX & using Public APIs

I know if on my own webpage, if my user is on : http://www.example.com/form.php and I make an ajax request from that page to : http://example.com/responder.php It will fail because of the Same origin policy (subdomain is different). What I am trying to understand is, how is it that AJAX requests can pull data from APIs like Flickr ...

Cross domain script tag working in FF and Chrome but not IE

We are providing a snippet of HTML that our client can embed on their website to make a callback to our API. This HTML is a simple form and a Javascript file hosted on our server. This is what the client hosts on their website (clientsite.com): <script type="text/javascript" src="http://mysite.com/webcallback/callback_script.js">&l...