Solved

Gotta javascript error "Access is denied"

Posted on 2002-04-22
5
222 Views
Last Modified: 2008-03-17
Hello!

I have a Cold fusion page which will query database and create a xml doc.

I have another html page which will try to read the xml doc in the javascript.

It works correctly until I tried to put up the html page in another domain like below. It will give a javascript error, "Access is denied"

ie. my Cold Fusion page is at www.domainA.com and html page at www.domainZ.com

Does the error got to do with domainA.com or domainZ.com?

Celine
0
Comment
Question by:celine
  • 2
5 Comments
 

Author Comment

by:celine
ID: 6959653
I have managed to find something on the web, its about CROSS DOMAIN XML and XML ClientSide Security.

My Javascript in www.domainZ.com have to read the XML doc in www.domainA.com. If there is a security issue on having domainZ.com to read domainA.com's XML file, what other methods do I have? domainZ.com can only use javascript to access the XML doc.
0
 
LVL 23

Accepted Solution

by:
b1xml2 earned 50 total points
ID: 6974739
The only way to read the XML Document/Tree if you are using MSXML is to change the security settings for the client browser to the following:

Access Data Sources Across Domains To
1. Enable (No Problems Retrieving XML Content On The Client From A Different Domain)

2. Prompt. Users will get an irritating but important security alert and can refuse request.

Note
====
The problem is that each and every participating browser must have the correct settings or they cannot view the data correctly.

I am sure you can use CFM to plug into the ServerXMLHTTP Object (Windows NT/2000 Platform Only) and load the remote documents from the web server. In this case, the client just requests the data from the main domain and the web server in that domain acts as a proxy for the delivery of the data.

An example of this under IIS and ASP follows:-
<%@language="VBScript"%>
<%
Response.Buffer = True
'expire page immediately
Response.Expires = -1
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma","no-cache"
Response.ContentType = "text/xml"

Dim oHTTP, oXML
Set oHTTP = Server.CreateObject("Msxml2.ServerXMLHTTP.4.0")
Set oXML = Server.CreateObject("Msxml2.DOMDocument.4.0")
oXML.async = False
oXML.validateOnParse = False
oXML.resolveExternals = False
' open(<http_header>,<url>,<asynchronous_loading>,[<user_name>,<password>])
oHTTP.open "GET","http://www.domainA.com",False
oHTTP.send
'the following handles DTD declarations as well as character encoding issues
'recommendation: stick to code as is
oXML.load oHTTP.responseBody
'send xml document as stream to the Response Object
oXML.save Response
Set oHTTP = Nothing
Set oXML = Nothing
%>

Note
====
1. No Error Handling Is Provided In The Code To Make Things Simple.
2. Using the ServerXMLHTTP requires that the proxycfg.exe be run to set the proxy settings. Under MSXML4 (use SP1), the default is direct connection to the Internet.
run proxycfg.exe /? to see the parameters
0
 
LVL 23

Expert Comment

by:b1xml2
ID: 7064057
at least have the courtesy to provide some feedback...
0
 
LVL 26

Expert Comment

by:rdcpro
ID: 10298376
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

Accept b1xml2's answer

Please leave any comments here within the next four days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

rdcpro
EE Cleanup Volunteer
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Problem How to write an Xquery that works like a SQL outer join, providing placeholders for absent data on the outer side?  I give a bit more background at the end. The situation expressed as relational data Let’s work through this.  I’ve …
The Client Need Led Us to RSS I recently had an investment company ask me how they might notify their constituents about their newsworthy publications.  Probably you would think "Facebook" or "Twitter" but this is an interesting client.  Their cons…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now