kenitech
asked on
Permission denied to call method Location.toString error
The following error occurs in Firebug when an iframe (called on Domain A) pulls an html file on a different domain (domain B) that contains an embedded swf located on domain B. At first I thought it was a swfobject issue so I am trying to troubleshoot this with an object embed.
---------
Permission denied to call method Location.toString
---------
here is an example:
http://www.artworknotavailable.com/temp/iframetest.html
iframetest.html contains one iframe that calls http://www.keithhopkin.com/temp/flashbanner.html .
flashbanner.html contains an embed for a swf (published as flash 9) that has nothing in it except static text placed on the stage. It is not trying to load any data as this was my first thought. A few folks have mentioned the crossdomain.xml policy file but isn't this just for loading data into a swf?
http://willperone.net/Code/as3error.php
also, i have allowScriptAccess="always"
---------------
FIREFOX 3.0.3
WINXP
FIREBUG 1.2.1
---------
Permission denied to call method Location.toString
---------
here is an example:
http://www.artworknotavailable.com/temp/iframetest.html
iframetest.html contains one iframe that calls http://www.keithhopkin.com/temp/flashbanner.html .
flashbanner.html contains an embed for a swf (published as flash 9) that has nothing in it except static text placed on the stage. It is not trying to load any data as this was my first thought. A few folks have mentioned the crossdomain.xml policy file but isn't this just for loading data into a swf?
http://willperone.net/Code/as3error.php
also, i have allowScriptAccess="always"
---------------
FIREFOX 3.0.3
WINXP
FIREBUG 1.2.1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iframetest.html</title>
</head>
<body>
<iframe src="http://www.keithhopkin.com/temp/flashbanner.html" height="110" width="110"></iframe>
</body>
</html>
----------------
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>flashbanner.html</title>
</head>
<body>
<div id="myId">
<object type="application/x-shockwave-flash" width="100" height="100" data="http://www.keithhopkin.com/temp/nothing.swf">
<embed src="nothing.swf" allowScriptAccess="always" type="application/x-shockwave-flash" width="100" height="100">
<param name="movie" value="nothing.swf" />
</object>
</div>
</body>
</html>
What you are experiencing is a cross-site scripting security restriction. Since the domains of the frames are from different domains, the script(s)on one frame cannot read the url of the other (and vice versa). At first glance it may seem that being able to read the url from each other is "harmless" but you need to consider the sites where userids and/or password (or any other "account" information is passed over the url). For this reason, the browser forbids it.
ASKER
mltsy:
i'm not sure what mootools has to do with my example
hielo:
I suspect this is related and understand why this could be a security issue.
I also get this error in Web Developer add-on 1.1.6
The thing is, the flash loads without a problem. But how do I stop this error from triggering??
i'm not sure what mootools has to do with my example
hielo:
I suspect this is related and understand why this could be a security issue.
I also get this error in Web Developer add-on 1.1.6
The thing is, the flash loads without a problem. But how do I stop this error from triggering??
>>Permission denied to call method Location.toString
Somewhere in your code you are trying to access the url from a "remote" domain. If your code is in javascript, what you can do is:
try{
Location.toString();
}
catch(e){}
Not sure if actionscript supports the try-catch clause, but if it does, it should get rid of the error (although you still will not be able to access the url. Thus, the most logical thing to do is to get rid of that line completely).
Somewhere in your code you are trying to access the url from a "remote" domain. If your code is in javascript, what you can do is:
try{
Location.toString();
}
catch(e){}
Not sure if actionscript supports the try-catch clause, but if it does, it should get rid of the error (although you still will not be able to access the url. Thus, the most logical thing to do is to get rid of that line completely).
ASKER
hielo:
that seems to make sense, but I am not running any javascript anywhere!
that seems to make sense, but I am not running any javascript anywhere!
>>, but I am not running any javascript anywhere!
OK, then do you know if the flash file is trying to access the remote url? Most likely that's what is triggering the error.
OK, then do you know if the flash file is trying to access the remote url? Most likely that's what is triggering the error.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
mltsy, thanks for the adobe bug link. I didn't come across this in my searches but this definitely resolves this for my purposes. I am able to report to who it concerns that this is not related to our code and is a problem with the plugin. It seems like the crossdomain.xml file is only relevant for the swf to retreive data across a different domain.
If not, I would say it's possibly just a problem with firebug trying to interact across domains - or maybe you should try mootools 1.2 in case it's a bug in mootools that has been fixed (it looks like that's where the bug is happening).