Currently transitioning from a shared host to a dedicated server. The same code that works on the old server is not working on the dedicated server. It is a simple AJAX request like:
<code> function createXMLHttpRequest() { if (window.ActiveXObject) { xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); } else if (window.XMLHttpRequest) { xmlHttp = new XMLHttpRequest(); }
With the code as is above, the requests works fine in IE. With Firefox it throws a 403 on the page. A call to the response.php page with parameters runs correctly outside of AJAX call. Changing all POST requests to GET resolves the issue, but I would prefer not to have to change ALL POST requests to GET requests.
Does anyone know of a setting on the new server that can cause FireFox (1.5.x and 2.0.x) to return a 403 with an AJAX post call?
> Currently transitioning from a shared host to a dedicated server. The same code > that works on the old server is not working on the dedicated server. It is a > simple AJAX request like:
> <code> > function createXMLHttpRequest() { > if (window.ActiveXObject) { > xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); > } > else if (window.XMLHttpRequest) { > xmlHttp = new XMLHttpRequest(); > }
> With the code as is above, the requests works fine in IE. With Firefox it throws > a 403 on the page. A call to the response.php page with parameters runs > correctly outside of AJAX call. Changing all POST requests to GET resolves the > issue, but I would prefer not to have to change ALL POST requests to GET requests.
> Does anyone know of a setting on the new server that can cause FireFox (1.5.x > and 2.0.x) to return a 403 with an AJAX post call?
That was the solution. Any idea why it only creates an issue with FireFox? I would like to be able to run the server with this setting on...but also want FireFox to work. Do you think it is a FireFox bug, or the security filter bug, or not a bug at all?
Tim
Message: 1 Date: 25 May 2007 07:38:17 -0700 From: Francis S <francis...@gmail.com> Subject: Re: AJAX Post returns 403 with FireFox To: dev-a...@lists.mozilla.org Message-ID: <1180103897.667192.46200@q19g2000prn.googlegroups.com> Content-Type: text/plain; charset="iso-8859-1"
> Currently transitioning from a shared host to a dedicated server. The same code > that works on the old server is not working on the dedicated server. It is a > simple AJAX request like:
> <code> > function createXMLHttpRequest() { > if (window.ActiveXObject) { > xmlHttp = new ActiveXObject("Microsoft.XMLHTTP"); > } > else if (window.XMLHttpRequest) { > xmlHttp = new XMLHttpRequest(); > }
> With the code as is above, the requests works fine in IE. With Firefox it throws > a 403 on the page. A call to the response.php page with parameters runs > correctly outside of AJAX call. Changing all POST requests to GET resolves the > issue, but I would prefer not to have to change ALL POST requests to GET requests.
> Does anyone know of a setting on the new server that can cause FireFox (1.5.x > and 2.0.x) to return a 403 with an AJAX post call?
> That was the solution. Any idea why it only creates an issue with FireFox? > I > would like to be able to run the server with this setting on...but also > want > FireFox to work. Do you think it is a FireFox bug, or the security filter > bug, or not a bug at all?
IIRC, the "issue" is that Firefox doesn't send a Content-Length header with the POST request if you call send with null or an empty string, and it looks like Apache's "SecFilterEngine" (security filter I guess) is rejecting the POST because of the missing header. My understanding is that it is not required, although without it you cannot use Keep-Alive on that connection afterwards.
In my current project work, I specifically send a value in the postdata (which is ignored by the receiving end) to work around this problem.
-- James Ross <sil...@warwickcompsoc.co.uk> ChatZilla and Venkman Developer
|
