Solved

Got a JavaScript error "Access is denied"

Posted on 2002-04-22
Last Modified: 2008-03-17
Hello!

I have a Cold Fusion page which will query a database and create an XML doc.

I have another HTML page which will try to read the XML doc in JavaScript.

It worked correctly until I tried to put the HTML page in another domain, as below. It gives a JavaScript error, "Access is denied".

i.e. my Cold Fusion page is at www.domainA.com and the HTML page is at www.domainZ.com

Does the error have to do with domainA.com or domainZ.com?

Celine
Question by:celine

Author Comment

by:celine
ID: 6959653
I have managed to find something on the web; it's about cross-domain XML and XML client-side security.

My JavaScript in www.domainZ.com has to read the XML doc in www.domainA.com. If there is a security issue with having domainZ.com read domainA.com's XML file, what other methods do I have? domainZ.com can only use JavaScript to access the XML doc.
0
 
LVL 23

Accepted Solution

by:
b1xml2 earned 50 total points
ID: 6974739
The only way to read the XML Document/Tree if you are using MSXML is to change the security settings for the client browser to the following:

Access Data Sources Across Domains To
1. Enable (No Problems Retrieving XML Content On The Client From A Different Domain)

2. Prompt. Users will get an irritating but important security alert and can refuse request.

Note
====
The problem is that each and every participating browser must have the correct settings or they cannot view the data correctly.

I am sure you can use CFM to plug into the ServerXMLHTTP Object (Windows NT/2000 Platform Only) and load the remote documents from the web server. In this case, the client just requests the data from the main domain and the web server in that domain acts as a proxy for the delivery of the data.

An example of this under IIS and ASP follows:-
<%@language="VBScript"%>
<%
Response.Buffer = True
'expire page immediately
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma","no-cache"
Response.ContentType = "text/xml"

Dim oHTTP, oXML
Set oHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
Set oXML = Server.CreateObject("Msxml2.DOMDocument.4.0")
oXML.async = False
oXML.validateOnParse = False
oXML.resolveExternals = False
' open(<http_method>,<url>,<asynchronous_loading>,[<user_name>,<password>])
oHTTP.open "GET","http://www.domainA.com",False
oHTTP.send
'the following handles DTD declarations as well as character encoding issues
'recommendation: stick to code as is
oXML.load oHTTP.responseBody
'send xml document as stream to the Response Object
oXML.save Response
Set oHTTP = Nothing
Set oXML = Nothing
%>

Note
====
1. No Error Handling Is Provided In The Code To Make Things Simple.
2. Using the ServerXMLHTTP requires that the proxycfg.exe be run to set the proxy settings. Under MSXML4 (use SP1), the default is direct connection to the Internet.
Run proxycfg.exe /? to see the parameters.
0
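
The server-side proxy idea from the accepted answer, written for Node.js 18+ as an added example (not code from the thread): the upstream URL is pinned on the server, a failed or non-XML upstream answer becomes a 502, and `sameOrigin` shows why the page on domainZ can read the proxy but not domainA directly. The function names, the exact upstream URL and the use of Node.js in place of ASP or Cold Fusion are assumptions.

```javascript
// Added example, not from the thread. UPSTREAM is a placeholder for the
// Cold Fusion page on domainA that generates the XML.
const UPSTREAM = "http://www.domainA.com/";

// The browser compares scheme + host + port of the page and of the resource.
function sameOrigin(pageUrl, resourceUrl) {
  return new URL(pageUrl).origin === new URL(resourceUrl).origin;
}

// Turn what the upstream returned into what the proxy sends to the browser.
// Anything other than a 200 answer with an XML content type becomes a 502.
function buildProxyResponse(upstream) {
  const type = (upstream.contentType || "").split(";")[0].trim().toLowerCase();
  const isXml = type === "text/xml" || type === "application/xml" || type.endsWith("+xml");
  if (upstream.status !== 200 || !isXml) {
    return { status: 502, headers: { "Content-Type": "text/plain" }, body: "upstream error" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "text/xml",
      "Cache-Control": "no-cache", // same intent as the ASP no-cache headers
      "Pragma": "no-cache",
      "Expires": "0",
    },
    body: upstream.body,
  };
}

// Handler for http.createServer(). The upstream URL is fixed: nothing in the
// client request chooses what the server fetches, and redirects are refused.
function makeHandler(fetchImpl = fetch) {
  return async function handler(req, res) {
    let out;
    try {
      const r = await fetchImpl(UPSTREAM, { redirect: "error" });
      out = buildProxyResponse({
        status: r.status,
        contentType: r.headers.get("content-type"),
        body: Buffer.from(await r.arrayBuffer()),
      });
    } catch (err) {
      out = buildProxyResponse({ status: 0 }); // network failure -> 502
    }
    res.writeHead(out.status, out.headers);
    res.end(out.body);
  };
}
```

Served from domainZ with `require("http").createServer(makeHandler()).listen(8080)`, the page's script requests its own origin and the browser's cross-domain check no longer applies.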
 
LVL 23

Expert Comment

by:b1xml2
ID: 7064057
At least have the courtesy to provide some feedback...
0
 
LVL 26

Expert Comment

by:rdcpro
ID: 10298376
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept b1xml2's answer

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

rdcpro
EE Cleanup Volunteer
0
