Solved

Gotta javascript error "Access is denied"

Posted on 2002-04-22
5
221 Views
Last Modified: 2008-03-17
Hello!

I have a Cold fusion page which will query database and create a xml doc.

I have another html page which will try to read the xml doc in the javascript.

It works correctly until I tried to put up the html page in another domain like below. It will give a javascript error, "Access is denied"

ie. my Cold Fusion page is at www.domainA.com and html page at www.domainZ.com

Does the error got to do with domainA.com or domainZ.com?

Celine
0
Comment
Question by:celine
  • 2
5 Comments
 

Author Comment

by:celine
ID: 6959653
I have managed to find something on the web, its about CROSS DOMAIN XML and XML ClientSide Security.

My Javascript in www.domainZ.com have to read the XML doc in www.domainA.com. If there is a security issue on having domainZ.com to read domainA.com's XML file, what other methods do I have? domainZ.com can only use javascript to access the XML doc.
0
 
LVL 23

Accepted Solution

by:
b1xml2 earned 50 total points
ID: 6974739
The only way to read the XML Document/Tree if you are using MSXML is to change the security settings for the client browser to the following:

Access Data Sources Across Domains To
1. Enable (No Problems Retrieving XML Content On The Client From A Different Domain)

2. Prompt. Users will get an irritating but important security alert and can refuse request.

Note
====
The problem is that each and every participating browser must have the correct settings or they cannot view the data correctly.

I am sure you can use CFM to plug into the ServerXMLHTTP Object (Windows NT/2000 Platform Only) and load the remote documents from the web server. In this case, the client just requests the data from the main domain and the web server in that domain acts as a proxy for the delivery of the data.

An example of this under IIS and ASP follows:-
<%@language="VBScript"%>
<%
Response.Buffer = True
'expire page immediately
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma","no-cache"
Response.ContentType = "text/xml"

Dim oHTTP, oXML
Set oHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
Set oXML = Server.CreateObject("Msxml2.DOMDocument.4.0")
oXML.async = False
oXML.validateOnParse = False
oXML.resolveExternals = False
' open(<http_header>,<url>,<asynchronous_loading>,[<user_name>,<password>])
oHTTP.open "GET","http://www.domainA.com",False
oHTTP.send
'the following handles DTD declarations as well as character encoding issues
'recommendation: stick to code as is
oXML.load oHTTP.responseBody
'send xml document as stream to the Response Object
oXML.save Response
Set oHTTP = Nothing
Set oXML = Nothing
%>

Note
====
1. No Error Handling Is Provided In The Code To Make Things Simple.
2. Using the ServerXMLHTTP requires that the proxycfg.exe be run to set the proxy settings. Under MSXML4 (use SP1), the default is direct connection to the Internet.
run proxycfg.exe /? to see the parameters
0
 
LVL 23

Expert Comment

by:b1xml2
ID: 7064057
at least have the courtesy to provide some feedback...
0
 
LVL 26

Expert Comment

by:rdcpro
ID: 10298376
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept b1xml2's answer

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

rdcpro
EE Cleanup Volunteer
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
Many times as a report developer I've been asked to display normalized data such as three rows with values Jack, Joe, and Bob as a single comma-separated string such as 'Jack, Joe, Bob', and vice versa.  Here's how to do it. 
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now