Solved

"uncaught exception: permission denied to call method XMLHttpRequest.open"

Posted on 2007-03-27
7
1,137 Views
Last Modified: 2012-05-05
I'm running JSP file on Apache Tomcat.  It embeds Javascript codes that send XMLHttpRequest to a website (http://api.clickatell.com/http/sendmsg) and (is supposed to) receive response.

This doesn't work on IE and Firefox, however, due to some security restrictions.  The javascript error message is:

            "uncaught exception: permission denied to call method XMLHttpRequest.open"

I researched the web and found that the solution is by enabling UniversalBrowserRead setting.  So, I copied and added these lines:

            try {
                        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
            } catch (e) {
                        alert("Permission UniversalBrowserRead denied.");
            }

This works on a standalone HTML file, but when I deployed it into Apache-Tomcat server, it doesn't work anymore.  It doesn't allow the UniversalBrowserRead to be enabled.

So, what should I do now?  What is the cause of this?  Should I add some browser security configuration using .htaccess?  

Below is the complete line of the Javascript codes:

<script language="javascript" type="text/javascript">
<!--
                        function sendSMS(url, data) {
                  
                  alert("test");
                  var res;
                  var req;
                  
                  try {
                        req = new XMLHttpRequest();
                  }
                  catch(error) {
                        try{
                              req=new  ActiveXObject("Microsoft.XMLHTTP");
                        }
                        catch(error) {
                              req=null;
                        }
                  }
            try {
                        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                  } catch (e) {
                        alert("Permission UniversalBrowserRead denied.");
                  }
                    req.open("POST", url, false);
                  req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
                  req.send(data);
                  res= req.readyState;
                  
                  alert("test");
                  return res;
            }
                        
                        sendSMS("<%out.print(sUrl);%>", "<%out.print(sPostData);%>");
//-->
</script>

Thanks!!
0
Comment
Question by:SWB-Consulting
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 250 total points
ID: 18806093
XMLHttpRequest doesn't allow you to call URLs that are not on the same domain as the page you're in. It's called cross-domain scripting and you can read about it here and there ;)
http://en.wikipedia.org/wiki/Cross_site_scripting
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 18806688
Also you can only change privileges on a stand alone html file loaded from your hard disk, as soon as you load it from the web, the code needs to be signed.

You can bypass these things by accessing the site in question from your server and present the result - that may violate copyright though
0
 

Author Comment

by:SWB-Consulting
ID: 18810397
Argh shoot.

Is there any other way to run this function successfully?  There should be a way, shouldn't it?

I'm using Java and JSP, so if you can direct me to a possible implementation that would be very helpful.
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 18810809
No other way (well, I've seen hacks, but most get patched by browser vendors soon enough).
It's about security, I guess if you could go around it, it would not be security...

You can call it from an app you would build and do the bridging.
0
 
LVL 75

Assisted Solution

by:Michel Plungjan
Michel Plungjan earned 250 total points
ID: 18811439
Call it using an httpurlconnection at the server and serve it from there
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the difference between strict equality operator and equality operator in JavaScript. The Need: Because JavaScript performs an implicit type conversion when performing comparisons, we have to take this into account when wri…
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question