• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 695
  • Last Modified:

XMLHttpRequest in Safari/Dashboard/WebKit

According to Apple themselves, at this link http://developer.apple.com/internet/webcontent/xmlhttpreq.html (under Security Issues), the XMLHttpRequest object cannot be used to make cross-domain requests. However, I've seen tutorials like this http://www.oreillynet.com/pub/a/mac/2005/06/07/dashboard.html and actual working dashboard widgets like Twidget (http://www.frankmanno.com/widgets/twidget/) that use the object to call web services on another domain.

So, needless to say, I'm confused. Does Safari/Dashboard/WebKit somehow proxy the request? If I download Twidget and run it in Safari, it works fine, but if I run it in Firefox using Firebug, it gives me a Permission Denied error in the console when trying to make the XMLHttpRequest.
0
lukeinjax
Asked:
lukeinjax
  • 2
1 Solution
 
b0lsc0ttCommented:
I am not a Safari expert and right now it is pretty hard for me to get firsthand info on it or play with it.  However I do know Javascript and the browser security issues you mention.  A proxy could be one way around this but it is usually done with signed or "trusted" scripts.  The browser, its security, and the way it uses Javascript affects this so a solution for Safari might not work the same way in IE, Firefox, Opera, etc.  The location of the script and page (i.e. intranet, Internet, local) can also affect this.  In other words the browsers will allow more things when the page and script are local or in an intranet than if it is an Internet webpage.

This should clear things up at least a bit.  Let me know what additional info you need or what other questions you have.  I can elaborate on most of what I mentioned so just need to let me know.  If you want more info on signed scripts, etc then let me know.

bol
0
 
lukeinjaxAuthor Commented:
Well, I kind of suspected that there was something in Safari that allowed XMLHttpRequests from localhost, but I wasn't able to find anything on the web that says so. There isn't a whole lot of stuff out there on developing Dashboard widgets, and certainly nothing that I could find that went into the details about how/why XMLHttpRequests seem to work from Dashboard, but not from other hosts in Safari. Is there anything out there that can explain this a little better?
0
 
b0lsc0ttCommented:
The security is browser dependent but I doubt that Safari is the thing that allows it, at least directly.  I haven't been able to find details and I am not a Safari expert and have little experience with Dashboard but I can go off of my general experience with browsers and that object.  Dashboard is adding or extending the ability of the browser.  Basically to the browser it still looks local because Dashboard or the widget is used.  This isn't unique to Safari and Dashboard.  Let me know if you aren't sure what I mean.

If you want details on developing a widget then you can try to ask another question in the Safari zone or another more appropriate zone.  Let me know how this helps or if you have a question.

bol
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now