Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 229
  • Last Modified:

Gotta javascript error "Access is denied"

Hello!

I have a Cold fusion page which will query database and create a xml doc.

I have another html page which will try to read the xml doc in the javascript.

It works correctly until I tried to put up the html page in another domain like below. It will give a javascript error, "Access is denied"

ie. my Cold Fusion page is at www.domainA.com and html page at www.domainZ.com

Does the error got to do with domainA.com or domainZ.com?

Celine
0
celine
Asked:
celine
  • 2
1 Solution
 
celineAuthor Commented:
I have managed to find something on the web, its about CROSS DOMAIN XML and XML ClientSide Security.

My Javascript in www.domainZ.com have to read the XML doc in www.domainA.com. If there is a security issue on having domainZ.com to read domainA.com's XML file, what other methods do I have? domainZ.com can only use javascript to access the XML doc.
0
 
b1xml2Commented:
The only way to read the XML Document/Tree if you are using MSXML is to change the security settings for the client browser to the following:

Access Data Sources Across Domains To
1. Enable (No Problems Retrieving XML Content On The Client From A Different Domain)

2. Prompt. Users will get an irritating but important security alert and can refuse request.

Note
====
The problem is that each and every participating browser must have the correct settings or they cannot view the data correctly.

I am sure you can use CFM to plug into the ServerXMLHTTP Object (Windows NT/2000 Platform Only) and load the remote documents from the web server. In this case, the client just requests the data from the main domain and the web server in that domain acts as a proxy for the delivery of the data.

An example of this under IIS and ASP follows:-
<%@language="VBScript"%>
<%
Response.Buffer = True
'expire page immediately
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma","no-cache"
Response.ContentType = "text/xml"

Dim oHTTP, oXML
Set oHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
Set oXML = Server.CreateObject("Msxml2.DOMDocument.4.0")
oXML.async = False
oXML.validateOnParse = False
oXML.resolveExternals = False
' open(<http_header>,<url>,<asynchronous_loading>,[<user_name>,<password>])
oHTTP.open "GET","http://www.domainA.com",False
oHTTP.send
'the following handles DTD declarations as well as character encoding issues
'recommendation: stick to code as is
oXML.load oHTTP.responseBody
'send xml document as stream to the Response Object
oXML.save Response
Set oHTTP = Nothing
Set oXML = Nothing
%>

Note
====
1. No Error Handling Is Provided In The Code To Make Things Simple.
2. Using the ServerXMLHTTP requires that the proxycfg.exe be run to set the proxy settings. Under MSXML4 (use SP1), the default is direct connection to the Internet.
run proxycfg.exe /? to see the parameters
0
 
b1xml2Commented:
at least have the courtesy to provide some feedback...
0
 
rdcproCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept b1xml2's answer

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

rdcpro
EE Cleanup Volunteer
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now