Help! How does UploadPlugin override the security limitation on HTTP Posts to remote servers?

AlexG

Jul 31, 2008, 4:43:56 AM
to TiddlyWikiDev
Hi. I could not find the answer to this anywhere! Please someone help
enlighten me (and hopefully a few others). Don't web browsers disallow
xmlhttprequests to servers of a different domain than the one who
originally served the page making the xmlhttprequest? But my (flawed,
most likely) perusal of the source code says that this is exactly how
BidiX's UploadPlugin sends the TW data!

Please, help me sleep at night. How does this work?

--Alex.

Paul Downey

Jul 31, 2008, 4:58:35 AM
to Tiddly...@googlegroups.com
>
> Hi. I could not find the answer to this anywhere! Please someone help
> enlighten me (and hopefully a few others). Don't web browsers disallow
> xmlhttprequests to servers of a different domain than the one who
> originally served the page making the xmlhttprequest?

Most browsers relax the Same Origin Policy for an HTML file served
from a file URI from a privileged domain. That's the case for most
TiddlyWikis served from your desktop/local file store.

Paul
--
http://blog.whatfettle.com

AlexG

Jul 31, 2008, 5:12:56 AM
to TiddlyWikiDev
Thanks, that makes sense. However, my own efforts to send such
requests to other domains have been blocked. Is there a special
(JavaScript) way to take advantage of the privileged status of my
local files?

AlexG

Aug 1, 2008, 12:49:23 AM
to TiddlyWikiDev
I just figured I'd answer my own question in case anyone else is
wondering.

Any function that needs extra privileges (and it MUST be done within a
function) needs this line:
window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");

Eric Shulman

Aug 1, 2008, 1:40:05 AM
to TiddlyWikiDev
> Any function that needs extra privileges (and it MUST be done within a
> function) needs this line:
> window.netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");

There are actually 7 different privileges that can be enabled:
UniversalBrowserRead,
UniversalBrowserWrite,
UniversalBrowserAccess,
UniversalFileRead,
UniversalPreferencesRead,
UniversalPreferencesWrite,
UniversalSendMail

For some additional details, see:
http://www.TiddlyTools.com/#FAQ_BrowserSecurity

HTH,
-e
Eric Shulman
TiddlyTools / ELS Design Studios
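
Added example, not part of any post in this thread and not UploadPlugin's own code: a function that requests "UniversalBrowserRead" in the same function body as the request that needs it, and handles both a refused privilege and a browser that has no PrivilegeManager at all. The names fetchWithPrivilege, makeStubWindow and demo, the placeholder URL, and the stubbed window object are assumptions made so the example runs outside a browser.

```javascript
// Added example; fetchWithPrivilege, makeStubWindow and demo are hypothetical names.
function fetchWithPrivilege(win, url) {
  const pm = win.netscape && win.netscape.security &&
             win.netscape.security.PrivilegeManager;
  if (!pm || typeof pm.enablePrivilege !== "function") {
    // No legacy PrivilegeManager: the same-origin policy applies unchanged.
    return { ok: false, reason: "unsupported" };
  }
  try {
    // Requested in the same function as the call that needs it, as the
    // thread notes. Assumption: a refused privilege surfaces as an exception.
    pm.enablePrivilege("UniversalBrowserRead");
  } catch (e) {
    return { ok: false, reason: "denied" };
  }
  const xhr = new win.XMLHttpRequest();
  xhr.open("GET", url, false); // synchronous to keep the example linear
  xhr.send(null);
  return { ok: true, status: xhr.status, body: xhr.responseText };
}

// Constructed stand-in for a browser window object (not a real browser API).
function makeStubWindow(mode) {
  const calls = [];
  function StubXHR() { this.status = 0; this.responseText = ""; }
  StubXHR.prototype.open = function (method, url) { calls.push(method + " " + url); };
  StubXHR.prototype.send = function () { this.status = 200; this.responseText = "stub body"; };
  const win = { XMLHttpRequest: StubXHR, calls: calls };
  if (mode !== "absent") {
    win.netscape = { security: { PrivilegeManager: {
      enablePrivilege: function (name) {
        calls.push("enablePrivilege " + name);
        if (mode === "deny") throw new Error("Permission denied (constructed)");
      }
    } } };
  }
  return win;
}

// Runs the three cases: privilege granted, privilege refused, API missing.
function demo() {
  const url = "http://example.org/data"; // placeholder URL
  return ["grant", "deny", "absent"].map(function (mode) {
    return fetchWithPrivilege(makeStubWindow(mode), url).reason || "ok";
  });
}
console.log(demo());
```

Current browsers no longer expose netscape.security.PrivilegeManager, so in them this function takes the "unsupported" branch and no cross-origin read is attempted.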