Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
comp.lang.javascript
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Problem with UniversalBrowserRead: "Permission denied to call method XMLHttpRequest.open"
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   2 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Charlie  
View profile  
 More options Mar 16 2007, 4:09 pm
Newsgroups: comp.lang.javascript
From: "Charlie" <cpcrow...@gmail.com>
Date: 16 Mar 2007 13:09:28 -0700
Local: Fri, Mar 16 2007 4:09 pm
Subject: Problem with UniversalBrowserRead: "Permission denied to call method XMLHttpRequest.open"
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
I am trying to make an XMLHttpRequest which violates the default "same-
origin"policy in Firefox. I checked the archives and found a method
that should work but it does not. Below is the test code I isolated. I
set signed.applets.codebase_principal_support true and seemed to get
the UniversalBrowserRead permission but then the open still failed
with the same old "Permission denied to call method
XMLHttpRequest.open" error. Can someone tell me what I did wrong?
Thanks, Charlie Crowley

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html lang="en">
<head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
        <!-- I added the line
                user_pref("signed.applets.codebase_principal_support", true);
        to my "Prefs.js" file and it shows up as true in "about:config" when
I check -->
        <script>

netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
        console.log("Got UniversalBrowserRead permission, about to call
req.open()");
    var req = new XMLHttpRequest();
    req.open("GET", "http://s3.amazonaws.com/", false);
        console.log("req.open() did not fail");
        </script>
</head>
<body></body>
</html>


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Charlie  
View profile  
 More options Mar 17 2007, 10:42 pm
Newsgroups: comp.lang.javascript
From: "Charlie" <cpcrow...@gmail.com>
Date: 17 Mar 2007 19:42:30 -0700
Local: Sat, Mar 17 2007 10:42 pm
Subject: Re: Problem with UniversalBrowserRead: "Permission denied to call method XMLHttpRequest.open"
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
I looked into this further on the Firefox boards and found a solution.
As far as I know it only works on Firefox. You need to establish a
security policy that allows XMLHttpRequest.open to any site. This web
site is useful: http://kb.mozillazine.org/Security_Policies

The solution is to add these three lines to to the "user.js"
preferences file. Actually on my Mac it is called the "prefs.js". Here
are the lines to add:

user_pref("capability.policy.XMLHttpRequestToAnySite.XMLHttpRequest.open",
"allAccess");
user_pref("capability.policy.XMLHttpRequestToAnySite.sites", "http://
localhost");
user_pref("capability.policy.policynames", "XMLHttpRequestToAnySite");

This names a policy, XMLHttpRequestToAnySite, you can use any name
that doesn't conflict with another one already defined. You give the
list of sites where this policy applies. that is, sites where the HTML
file that loads the JavaScript that wants to do the XMLHttpRequest
comes from. And the allAccess means that you can open any web site.

The Firefox site gives information on editing the "user.js" (or
"prefs.js") files. See http://www.mozilla.org/support/firefox/edit.

--Charlie Crowley

On Mar 16, 2:09 pm, "Charlie" <cpcrow...@gmail.com> wrote:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google