#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Location
    Sydney, Australia
    Posts
    50
    Rep Power
    12

    Unhappy AJAX Problem - Access is Denied


    Hi Guys

    I have this code in my page, but I keep getting Access Is Denied Javascript error when i try to load the page in different sub-domains in our server network(sub1.mydomain.com, sub2.mydomain.com), but works fine on the main domain (www.mydomain.com)
    Code:
    <script> 
    function ajaxFunction()
    {
    	var xmlHttp;
    	try
    		{
    			// Firefox, Opera 8.0+, Safari
    			xmlHttp=new XMLHttpRequest();
    		}
    		catch (e)
    	{
    	// Internet Explorer
    	try
    		{
    		xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
    		}
    	catch (e)
    		{
    		try
    			{
    			xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
    			}
    		catch (e)
    			{
    			alert("Your browser does not support AJAX!");
    			return false;
    			}
    		}
    	}
    	xmlHttp.onreadystatechange=function()
          {
          if(xmlHttp.readyState==4)
            {
            document.getElementById("txtHint").innerHTML=xmlHttp.responseText;
            }
          }
        xmlHttp.open("GET","http://www.mydomain.com/ajax/time.asp",true);
        xmlHttp.send(null);
    }
    </script>
    The error is pointing to the line:
    Code:
        xmlHttp.open("GET","http://www.mydomain.com/ajax/time.asp",true);
    Any idea why this would be?

    Thanks in advance for any help.

    Alex

    Additional Info: I just setup a subdomain to point to exactly the same directory as the main domain and the script doesn't work on this new subdomain either. Any Ideas.

    Also, Running the script in my local machine IIS (localhost/script.asp) is runs fine.

    I am at a loss on this one.
  2. #2
  3. No Profile Picture
    I AM A GOLDEN GOD
    Devshed God 1st Plane (5500 - 5999 posts)

    Join Date
    Apr 2003
    Location
    Camarillo, California
    Posts
    5,932
    Rep Power
    1166
    Cross domain requests are not allowed to XMLHttpRequest; yes, even for a subdomain.

    One workaround is to use a proxy; this article on Yahoo! explains and details how to do this.

    Another method is to use an iframe.

    Here's another article I ran across.

    And another (PDF)

    HTH!
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2004
    Location
    Sydney, Australia
    Posts
    50
    Rep Power
    12
    thanks lnxgeek,
    I didn't relalise cross-domain security was so tight to stop subdomain, but I guess I'll try something different with my problem and see what other problems I can make for myself
  6. #4
  7. No Profile Picture
    Roobee On Railz Roolz!
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2006
    Posts
    139
    Rep Power
    0
    cross domain security is so tight that if you are on http://sitename.com and you call http://www.sitename.com it will deny access!
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2007
    Posts
    7
    Rep Power
    0
    I ran into this same issue, where people access the page the script is being called from different ways. There are four different ways that a person can access the main page:

    Code:
    http://subdomain.domain.com
    https://subdomain.domain.com
    http://subdomin
    https://subdomain
    They can go straight to the subdomain, because it is in the DNS of our internal network that way. To alleviate this issue, I was trying to write a script, that would loop through the different ones, catching the error and then trying the next one, until it found one that worked or ran out of options. My script looked something like this:

    Code:
    var x = 0;
    var urlArray=new Array();
    urlArray[0]="http://subdomain.domain.com";
    urlArray[1]="https://subdomain.domain.com";
    urlArray[2]="http://subdomain";
    urlArray[3]="https://subdomain";
    xmlHttp.onreadystatechange=stateChanged;
    while(x<4){
    	try {
    		xmlHttp.open("GET",urlArray[x],true);
    		x=5;
    	} catch(err) {
    		x++;
    		alert(x);
    	}
    }
    The issue i'm having is that after the first catch, it quits running the script.
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2008
    Posts
    1
    Rep Power
    0
    This might not be of much help but just felt like sharing this ... You can enable cross-domain on IE by going into Internet Options -> Security Settings ->Custom level and enabling "Access data sources across domains".

    Regards,
    Anu Shahdadpuri
  12. #7
  13. CSKA Sofia
    Devshed Novice (500 - 999 posts)

    Join Date
    Apr 2003
    Location
    Germany / Bulgaria
    Posts
    575
    Rep Power
    123
    If you know your clients, ergo this is an intranet application, you could also set as requirement Firefox 3 or IE8, they support cross domain xhr.
    Nikola Ivanov
    http://enikola.de
  14. #8
  15. No Profile Picture
    Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,008
    Rep Power
    2791
    That sounds like a really, really bad idea. Browsers cannot cross-domains (normally) but your server side scripts can, so why not handle it that way?
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [ANSI C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]

    W3Fools - A W3Schools Intervention.
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2007
    Posts
    7
    Rep Power
    0
    You should not set such restrictions on users in order for them to use your webpage, that is just bad practice. If a solution cannot be figured out to a problem without restricting the user, then the problem should be rethought because something must have gotten missed somewhere.

    Comments on this post

    • Winters agrees
  18. #10
  19. CSS & JS/DOM Adept
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jul 2004
    Location
    USA (verifiably)
    Posts
    20,124
    Rep Power
    4304
    Originally Posted by PHP-Newb
    That sounds like a really, really bad idea. Browsers cannot cross-domains (normally) but your server side scripts can, so why not handle it that way?
    Using a server-side script as a proxy is extra overhead, but it is much better than restricting users to a particular browser.
    Spreading knowledge, one newbie at a time.

    Check out my blog. | Learn CSS. | PHP includes | X/HTML Validator | CSS validator | Common CSS Mistakes | Common JS Mistakes

    Remember people spend most of their time on other people's sites (so don't violate web design conventions).
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2007
    Posts
    7
    Rep Power
    0
    I probably should have told what my solution was, just didn't realize I never posted it. What I ended up doing was, getting the URL of the page being accessed. I used window.location.href and parsed this to give me the first part of the URL. Once I had the first part of the url, I then appended it to the ajax URL so that I did not have any cross domain issues. This was the best solution I could come up with for my problem. The users didn't have any restrictions set on them (well, except the use of javascript, but if they aren't using that, then they most likely aren't able to use a lot of sites out there).
  22. #12
  23. No Profile Picture
    Super Moderator
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jul 2003
    Posts
    4,008
    Rep Power
    2791
    Originally Posted by Kravvitz
    Using a server-side script as a proxy is extra overhead, but it is much better than restricting users to a particular browser.
    Plus we're talking about an intranet, so the bandwidth isn't going to be an issue.
    [PHP] | [Perl] | [Python] | [Java] != [JavaScript] | [XML] | [ANSI C] | [C++] | [LUA] | [MySQL] | [FirebirdSQL] | [PostgreSQL] | [HTML] | [XHTML] | [CSS]

    W3Fools - A W3Schools Intervention.
  24. #13
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    1
    Rep Power
    0

    Using .htaccess to redirect to www


    I was struggling with this issue for some time, and the answer found here was just the ticket.

    My Ajax call for an RSS feed was throwing the "Access Denied" error, and with a simple 301 redirect, the problem is solved.

    The line for the URL to obtain processing of my RSS XML file
    Code:
    var lastrssbridgeurl="http://www.practicewebsite.net/beta2-b/ajax/lastrss/bridge.php"
    My javascript code:
    Code:
    this.ajaxobj.open('GET', lastrssbridgeurl+"?"+parameters, true)
    this.ajaxobj.send(null)
    If I call the web page from http://practicewebsite.net, the script failed, but worked on the http://www.practicewebsite.net

    So, a simple .htaccess file update did the trick!

    Code:
    Options +FollowSymLinks 
    RewriteEngine on 
    RewriteCond %{HTTP_HOST} ^midsouthconstruction.net [NC] 
    RewriteRule ^(.*)$ http://www.midsouthconstruction.net/$1 [L,R=301]
    Hope this helps anyone else who comes across this problem.

    THanks!

IMN logo majestic logo threadwatch logo seochat tools logo