Solved

"uncaught exception: permission denied to call method XMLHttpRequest.open"

Posted on 2007-03-27
7
1,126 Views
Last Modified: 2012-05-05
I'm running JSP file on Apache Tomcat.  It embeds Javascript codes that send XMLHttpRequest to a website (http://api.clickatell.com/http/sendmsg) and (is supposed to) receive response.

This doesn't work on IE and Firefox, however, due to some security restrictions.  The javascript error message is:

            "uncaught exception: permission denied to call method XMLHttpRequest.open"

I researched the web and found that the solution is by enabling UniversalBrowserRead setting.  So, I copied and added these lines:

            try {
                        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
            } catch (e) {
                        alert("Permission UniversalBrowserRead denied.");
            }

This works on a standalone HTML file, but when I deployed it into Apache-Tomcat server, it doesn't work anymore.  It doesn't allow the UniversalBrowserRead to be enabled.

So, what should I do now?  What is the cause of this?  Should I add some browser security configuration using .htaccess?  

Below is the complete line of the Javascript codes:

<script language="javascript" type="text/javascript">
<!--
                        function sendSMS(url, data) {
                  
                  alert("test");
                  var res;
                  var req;
                  
                  try {
                        req = new XMLHttpRequest();
                  }
                  catch(error) {
                        try{
                              req=new  ActiveXObject("Microsoft.XMLHTTP");
                        }
                        catch(error) {
                              req=null;
                        }
                  }
            try {
                        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                  } catch (e) {
                        alert("Permission UniversalBrowserRead denied.");
                  }
                    req.open("POST", url, false);
                  req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
                  req.send(data);
                  res= req.readyState;
                  
                  alert("test");
                  return res;
            }
                        
                        sendSMS("<%out.print(sUrl);%>", "<%out.print(sPostData);%>");
//-->
</script>

Thanks!!
0
Comment
Question by:SWB-Consulting
  • 2
  • 2
7 Comments
 
LVL 26

Accepted Solution

by:
DireOrbAnt earned 250 total points
ID: 18806093
XMLHttpRequest doesn't allow you to call URLs that are not on the same domain as the page you're in. It's called cross-domain scripting and you can read about it here and there ;)
http://en.wikipedia.org/wiki/Cross_site_scripting
0
 
LVL 75

Expert Comment

by:Michel Plungjan
ID: 18806688
Also you can only change privileges on a stand alone html file loaded from your hard disk, as soon as you load it from the web, the code needs to be signed.

You can bypass these things by accessing the site in question from your server and present the result - that may violate copyright though
0
 

Author Comment

by:SWB-Consulting
ID: 18810397
Argh shoot.

Is there any other way to run this function successfully?  There should be a way, shouldn't it?

I'm using Java and JSP, so if you can direct me to a possible implementation that would be very helpful.
0
 
LVL 26

Expert Comment

by:DireOrbAnt
ID: 18810809
No other way (well, I've seen hacks, but most get patched by browser vendors soon enough).
It's about security, I guess if you could go around it, it would not be security...

You can call it from an app you would build and do the bridging.
0
 
LVL 75

Assisted Solution

by:Michel Plungjan
Michel Plungjan earned 250 total points
ID: 18811439
Call it using an httpurlconnection at the server and serve it from there
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

When you need to keep track of a simple list of numbers or strings, the Array object is your most direct tool.  As we saw in my earlier EE Article (http://www.experts-exchange.com/A_3488.html), typical array handling might look like this: (CODE) B…
In this article, we'll look how to sort an Array in JavaScript, including the more advanced techniques of sorting a collection of records either ascending or descending on two or more fields. Basic Sorting of Arrays First, let's look at the …
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now