SWB-Consulting
asked on
"uncaught exception: permission denied to call method XMLHttpRequest.open"
I'm running JSP file on Apache Tomcat. It embeds Javascript codes that send XMLHttpRequest to a website (http://api.clickatell.com/http/sendmsg) and (is supposed to) receive response.
This doesn't work on IE and Firefox, however, due to some security restrictions. The javascript error message is:
"uncaught exception: permission denied to call method XMLHttpRequest.open"
I researched the web and found that the solution is by enabling UniversalBrowserRead setting. So, I copied and added these lines:
try {
netscape.security.Privileg
} catch (e) {
alert("Permission UniversalBrowserRead denied.");
}
This works on a standalone HTML file, but when I deployed it into Apache-Tomcat server, it doesn't work anymore. It doesn't allow the UniversalBrowserRead to be enabled.
So, what should I do now? What is the cause of this? Should I add some browser security configuration using .htaccess?
Below is the complete line of the Javascript codes:
<script language="javascript" type="text/javascript">
<!--
function sendSMS(url, data) {
alert("test");
var res;
var req;
try {
req = new XMLHttpRequest();
}
catch(error) {
try{
req=new ActiveXObject("Microsoft.X
}
catch(error) {
req=null;
}
}
try {
netscape.security.Privileg
} catch (e) {
alert("Permission UniversalBrowserRead denied.");
}
req.open("POST", url, false);
req.setRequestHeader ("Content-Type", "application/x-www-form-ur
req.send(data);
res= req.readyState;
alert("test");
return res;
}
sendSMS("<%out.print(sUrl)
//-->
</script>
Thanks!!
This doesn't work on IE and Firefox, however, due to some security restrictions. The javascript error message is:
"uncaught exception: permission denied to call method XMLHttpRequest.open"
I researched the web and found that the solution is by enabling UniversalBrowserRead setting. So, I copied and added these lines:
try {
netscape.security.Privileg
} catch (e) {
alert("Permission UniversalBrowserRead denied.");
}
This works on a standalone HTML file, but when I deployed it into Apache-Tomcat server, it doesn't work anymore. It doesn't allow the UniversalBrowserRead to be enabled.
So, what should I do now? What is the cause of this? Should I add some browser security configuration using .htaccess?
Below is the complete line of the Javascript codes:
<script language="javascript" type="text/javascript">
<!--
function sendSMS(url, data) {
alert("test");
var res;
var req;
try {
req = new XMLHttpRequest();
}
catch(error) {
try{
req=new ActiveXObject("Microsoft.X
}
catch(error) {
req=null;
}
}
try {
netscape.security.Privileg
} catch (e) {
alert("Permission UniversalBrowserRead denied.");
}
req.open("POST", url, false);
req.setRequestHeader ("Content-Type", "application/x-www-form-ur
req.send(data);
res= req.readyState;
alert("test");
return res;
}
sendSMS("<%out.print(sUrl)
//-->
</script>
Thanks!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Argh shoot.
Is there any other way to run this function successfully? There should be a way, shouldn't it?
I'm using Java and JSP, so if you can direct me to a possible implementation that would be very helpful.
Is there any other way to run this function successfully? There should be a way, shouldn't it?
I'm using Java and JSP, so if you can direct me to a possible implementation that would be very helpful.
No other way (well, I've seen hacks, but most get patched by browser vendors soon enough).
It's about security, I guess if you could go around it, it would not be security...
You can call it from an app you would build and do the bridging.
It's about security, I guess if you could go around it, it would not be security...
You can call it from an app you would build and do the bridging.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can bypass these things by accessing the site in question from your server and present the result - that may violate copyright though