How do you get around this Ajax cross site scripting problem on FireFox 3?
+14
A:
If you're using jQuery it has a callback function to overcome this:
http://docs.jquery.com/Ajax/jQuery.ajax#options
As of jQuery 1.2, you can load JSON data located on another domain if you specify a JSONP callback, which can be done like so: "myurl?callback=?". jQuery automatically replaces the ? with the correct method name to call, calling your specified callback. Or, if you set the dataType to "jsonp" a callback will be automatically added to your Ajax request.
Alternatively you could make your ajax request to a server-side script which does the cross-domain call for you, then passes the data back to your script
Glenn Slaven
2008-09-09 06:19:47
works only for json, what if you need xml ?
e-satis
2009-07-31 20:54:46
Well that's when you have to use the second option of doing the cross domain call in a server-side script that passes the xml back
Glenn Slaven
2009-08-03 00:30:22
A:
Some more details would be nice: which AJAX library are you using, what would you like to achive, how you do it.
For example it can be a cross-domain Ajax request, which is not allowed. In this case use JSON.
Biri
2008-09-09 06:22:21
Sorry, got that error using JQuery $.ajax on FireFox 3. Tried jsonp suggestion but I think that will only work with something that will serve up json. I'm trying to create a sample local html file based mashup that will pull data from Yahoo!Finance, but they are serving .csv, so I think I'm SOL.
Jimmy Chandra
2008-09-09 17:20:47
The "magic" that makes it work is the "P" part (padding) of the JSONP, not the JSON per se. With a set service (such as Yahoo, you likely are out of luck) since they won't change their service to make it available to call in that manner.
jeffreypriebe
2009-11-25 23:50:57
A:
I came across this problem recently and it was while I as AJAX loading the local request, not cross site scripting problem. Also, Jimmy himself seems to have the same problem. This seems to be the FF security problem, this article describes the cause and the solution to access to restricted uri denied" code: "1012 problem.
Sorry, got that error using JQuery $.ajax on FireFox 3. Tried jsonp suggestion but I think that will only work with something that will serve up json. I'm trying to create a sample local html file based mashup that will pull data from Yahoo!Finance, but they are serving .csv, so I think I'm SOL. – Jimmy Chandra (Sep 9 at 17:20)
I hope you'll find it useful.
Uzbekjon
2009-02-14 05:53:52
+3
A:
To update the answer (I guess, mostly for my benefit when I come looking for this answer later on), if are loading XML or something else, you can always ask the user if he will allow us to read from another site with this code:
try {
if (netscape.security.PrivilegeManager.enablePrivilege)
netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) {
alert("Sorry, browser security settings won't let this program run.");
return;
}
(from the RESTful web services book) But, this only works in firefox, when the html file is loaded from local file. So, not that useful.
Jose M Vidal
2009-03-24 20:04:18
A:
One more solution: if all you need is the headers, you can specify "HEAD" as the method and it won't trigger the security issue. For instance, if you just want to know if the web page exists.
var client = new XMLHttpRequest();
client.open("HEAD", my_url, false);
client.send(null);
if(client.readyState != 4 || client.status != 200) //if we failed
alert("can't open web page");
Eyal
2010-05-01 11:33:17