XMLHttpRequest in Safari/Dashboard/WebKit

Posted on 2007-07-31
Last Modified: 2013-11-24
According to Apple themselves, at this link (under Security Issues), the XMLHttpRequest object cannot be used to make cross-domain requests. However, I've seen tutorials like this and actual working dashboard widgets like Twidget ( that use the object to call web services on another domain.

So, needless to say, I'm confused. Does Safari/Dashboard/WebKit somehow proxy the request? If I download Twidget and run it in Safari, it works fine, but if I run it in Firefox using Firebug, it gives me a Permission Denied error in the console when trying to make the XMLHttpRequest.
Question by:lukeinjax
    LVL 54

    Expert Comment

    I am not a Safari expert and right now it is pretty hard for me to get firsthand info on it or play with it.  However I do know Javascript and the browser security issues you mention.  A proxy could be one way around this but it is usually done with signed or "trusted" scripts.  The browser, its security, and the way it uses Javascript affects this so a solution for Safari might not work the same way in IE, Firefox, Opera, etc.  The location of the script and page (i.e. intranet, Internet, local) can also affect this.  In other words the browsers will allow more things when the page and script are local or in an intranet than if it is an Internet webpage.

    This should clear things up at least a bit.  Let me know what additional info you need or what other questions you have.  I can elaborate on most of what I mentioned so just need to let me know.  If you want more info on signed scripts, etc then let me know.


    Author Comment

    Well, I kind of suspected that there was something in Safari that allowed XMLHttpRequests from localhost, but I wasn't able to find anything on the web that says so. There isn't a whole lot of stuff out there on developing Dashboard widgets, and certainly nothing that I could find that went into the details about how/why XMLHttpRequests seem to work from Dashboard, but not from other hosts in Safari. Is there anything out there that can explain this a little better?
    LVL 54

    Accepted Solution

    The security is browser dependent but I doubt that Safari is the thing that allows it, at least directly.  I haven't been able to find details and I am not a Safari expert and have little experience with Dashboard but I can go off of my general experience with browsers and that object.  Dashboard is adding or extending the ability of the browser.  Basically to the browser it still looks local because Dashboard or the widget is used.  This isn't unique to Safari and Dashboard.  Let me know if you aren't sure what I mean.

    If you want details on developing a widget then you can try to ask another question in the Safari zone or another more appropriate zone.  Let me know how this helps or if you have a question.


    Featured Post

    Training Course: Android App Development

    This course will involve creating widgets, customize list view, grid view, spinners, etc. Creating applications using audio, video, and SQLite database. Ending with publication on Google Play.

    Join & Write a Comment

    Suggested Solutions

    The /etc/authorization file in Mac OS X 10.x can be used to control access to the various panes of the System Preferences amongst other things. It’s used by some of us Mac Sys Admin’s to give Standard Users access to System Prefs panes that only adm…
    As a Mac user and former AppleCare AHA & Senior Advisor, I'm constantly bombarded with questions about Macs and if they need Antivirus. This short article is my response to those questions.
    The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
    The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now