Solved

Permission denied to call method Location.toString error

Posted on 2008-10-20
8
18,047 Views
Last Modified: 2013-12-07
The following error occurs in Firebug when an iframe (called on Domain A) pulls an html file on a different domain (domain B) that contains an embedded swf located on domain B. At first I thought it was a swfobject issue so I am trying to troubleshoot this with an object embed.

---------
Permission denied to call method Location.toString
---------

here is an example:
http://www.artworknotavailable.com/temp/iframetest.html

iframetest.html contains one iframe that calls http://www.keithhopkin.com/temp/flashbanner.html .
flashbanner.html contains an embed for a swf (published as flash 9) that has nothing in it except static text placed on the stage. It is not trying to load any data as this was my first thought. A few folks have mentioned the crossdomain.xml policy file but isn't this just for loading data into a swf?

http://willperone.net/Code/as3error.php

also, i have allowScriptAccess="always" set on the embed. I still get this error.

---------------

FIREFOX 3.0.3
WINXP
FIREBUG 1.2.1



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iframetest.html</title>
</head>
 
<body>
	<iframe src="http://www.keithhopkin.com/temp/flashbanner.html" height="110" width="110"></iframe>
 
</body>
</html>
 
 
----------------
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>flashbanner.html</title>
 
</head>
 
<body>
<div id="myId">
 
<object type="application/x-shockwave-flash" width="100" height="100" data="http://www.keithhopkin.com/temp/nothing.swf">
<embed src="nothing.swf" allowScriptAccess="always" type="application/x-shockwave-flash" width="100" height="100">
<param name="movie" value="nothing.swf" />
</object>
 
 
</div>
 
 
</body>
</html>

Open in new window

0
Comment
Question by:kenitech
  • 3
  • 3
  • 2
8 Comments
 
LVL 7

Expert Comment

by:mltsy
ID: 22760263
Hmm... I don't get the error unless I turn on firebug - is it causing a problem for you normally?

If not, I would say it's possibly just a problem with firebug trying to interact across domains - or maybe you should try mootools 1.2 in case it's a bug in mootools that has been fixed (it looks like that's where the bug is happening).
0
 
LVL 82

Expert Comment

by:hielo
ID: 22760311
What you are experiencing is a cross-site scripting security restriction. Since the domains of the frames are from different domains, the script(s)on one frame cannot read the url of the other (and vice  versa). At first glance it may seem that being able to read the url from each other is "harmless" but you need to consider the sites where userids and/or password (or any other "account" information is passed over the url). For this reason, the browser forbids it.
0
 

Author Comment

by:kenitech
ID: 22761200
mltsy:
i'm not sure what mootools has to do with my example

hielo:
I suspect this is related and understand why this could be a security issue.


I also get this error in Web Developer add-on 1.1.6

The thing is, the flash loads without a problem. But how do I stop this error from triggering??
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 82

Expert Comment

by:hielo
ID: 22761320
>>Permission denied to call method Location.toString
Somewhere in your code you are trying to access the url from a "remote" domain. If your code is in javascript, what you can do is:

try{
 Location.toString();
}
catch(e){}

Not sure if actionscript supports the try-catch clause, but if it does, it should get rid of the error (although you still will not be able to access the url. Thus, the most logical thing to do is to get rid of that line completely).
0
 

Author Comment

by:kenitech
ID: 22762313
hielo:
that seems to make sense, but I am not running any javascript anywhere!

0
 
LVL 82

Expert Comment

by:hielo
ID: 22762723
>>, but I am not running any javascript anywhere!
OK, then do you know if the flash file is trying to access the remote url? Most likely that's what is triggering the error.
0
 
LVL 7

Accepted Solution

by:
mltsy earned 500 total points
ID: 22762781
Now I understand your confusion... very strange.  Somehow the first time I looked at it in Firebug, it gave me a call stack that included some references to a mootools.1.11.js file - but that must have been an error in Firebug in creating the call stack (from another page I was looking at or something).

Very strange that you're getting that error without using any javascript... I can't imagine you are the first person to have this problem - and it turns out you aren't:

http://bugs.adobe.com/jira/browse/FP-561

Also - using my imagination now - it might be that, even though your flash file isn't trying to access anything, the Flash client is being denied access to something when attempting to determine how to properly apply its security policy...?  You could try uploading a crossdomain.xml file in the root of the server on which the the swf file is hosted (or in several locations for that matter, just scatter them about...) and see what happens.

Seemed to work for this guy: http://www.west-wind.com/WebLog/posts/408827.aspx
0
 

Author Closing Comment

by:kenitech
ID: 31507920
mltsy, thanks for the adobe bug link. I didn't come across this in my searches but this definitely resolves this for my purposes. I am able to report to who it concerns that this is not related to our code and is a problem with the plugin. It seems like the crossdomain.xml file is only relevant for the swf to retreive data across a different domain.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Website checklist for browser compatibility? 2 37
Link not working 6 41
Use "if not" in a condition 2 18
How to get text of href without any ID using Javascript 9 23
Introduction If you're like most people, you have occasionally made a typographical error when you're entering information into an online form.  And to your consternation, the browser remembers the error, and offers to autocomplete your future entr…
In threads here at EE, each comment has a unique Identifier (ID). It is easy to get the full path for an ID via the right-click context menu. However, we often want to post a short link within a thread rather than the full link. This article shows a…
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question