Closed Bug 338006 Opened 18 years ago Closed 18 years ago

web-scripts-access.xml does not allow cross domain script access

Categories

(Core Graveyard :: Web Services, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: david.l.small, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.1) Gecko/20060124 Firefox/1.5.0.1

I have a page from one site that contains an IFRAME that points to another site. Within the IFRAME, I have JavaScript that needs to access the DOM on the parent window. To overcome the cross site scripting security, I followed the directions from this page -> http://developer.mozilla.org/en/docs/Mozilla_Web_Services_Security_Model. I put together the web-scripts-access.xml file who's contents I've specified below in the Additional Information field. I've put the file in the root of the parent window's site.

Regardless, I still get the same JavaScript error in the console -> Error: uncaught exception: Permission denied to get property <Object>.

Reproducible: Always




<wsa:webScriptAccess xmlns:wsa="http://www.mozilla.org/2002/soap/security">
	<wsa:allow type="any" from="http://hostname-of-the-service" />
</wsa:webScriptAccess>
Assignee: nobody → web-services
Component: General → Web Services
Product: Firefox → Core
QA Contact: general → doronr
Version: unspecified → Trunk
Read the document - you can only do cross domain Web Services calls, aka SOAP/WSDL with it.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
Part of the "allow" element is a "type" attribute. It takes values of "load" or "any" amongst others. The "load" type states usage of the XMLHttpRequest object, which is similar in nature to iframe. It also states "Not implemented!". Are there plans to implement this in the future?
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.