Closed
Bug 340568
Opened 18 years ago
Closed 18 years ago
Permission denied when trying to access resource on same domain but different port with XMLHttpRequest.open
Categories
(Core :: XML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 246314
People
(Reporter: gribas, Unassigned)
Details
Attachments
(2 files, 1 obsolete file)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Firefox fails to retrieve a resource located in the same domain but on a different port using XMLHttpRequest. We have an application running at port 7777 at the same address of our web server. It's not possible to make a XMLHttpRequest to that application using Firefox. Opera and IE are working fine. Ex: web page: http://ourdomain/page.jsp resource: http://ourdomain:7777/getMap?ID=4741&KEY=HSGAR21NXBSTQQA8HJS817HJSRW Reproducible: Always Steps to Reproduce: 1. Try to fetch a resource in the same domain but on a different port. Actual Results: Permission denied to call method XMLHttpRequest.open. Expected Results: Retrieve the desired resource since it is in the same domain. I'll try to add a simple test case. Here's what I found so far: =============== Firefox 1.5.0.4 ----------------------------------------------------------------------- Same domain, same port Ok! Same domain, different port Permission denied XMLHttpRequest.open Different domain, same port Permission denied XMLHttpRequest.open Different domain, different port Permission denied XMLHttpRequest.open ----------------------------------------------------------------------- ============================ IE 6.0 XP sp2 (*with* user authorization) ----------------------------------------------------------------------- Same domain, same port Ok! Same domain, different port Ok! Different domain, same port Ok! Different domain, different port Ok! ----------------------------------------------------------------------- =============================== IE 6.0 XP sp2 (*without* user authorization) ----------------------------------------------------------------------- Same domain, same port Ok! Same domain, different port Ok! Different domain, same port [object Error] Different domain, different port [object Error] ----------------------------------------------------------------------- ================ Opera 9.0 beta2 ----------------------------------------------------------------------- Same domain, same port Ok! Same domain, different port Ok! Different domain, same port [Error: Security violation ] Different domain, different port [Error: Security violation ] -----------------------------------------------------------------------
Comment 2•18 years ago
|
||
This is intentional *** This bug has been marked as a duplicate of 246314 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Comment on attachment 224597 [details] Test Page ><HTML><HEAD> > > <SCRIPT> > > var TEST_FILE_NAME = '/attachment.cgi?id=224596'; > /* > * Funcao que retorna o código do MAP > */ > function importFragment(url){ > var returnText; > try { > // code for Mozilla, etc. > if (window.XMLHttpRequest) { > xmlhttp=new XMLHttpRequest(); > xmlhttp.open("GET",url,false); > xmlhttp.send(null); > returnText = xmlhttp.responseText; > } > // code for IE > else if (window.ActiveXObject) { > var xml = new ActiveXObject("Microsoft.XMLHTTP"); > xml.Open( "GET", url, false); > xml.Send(); > returnText = xml.responseText; > } > } catch (ee) { > returnText = ee; > } > return returnText; > } > > > > function roda() { > var xmlHttpResult; > var spanTag; > > // same domain, same port > xmlHttpResult = importFragment('https://'+document.domain + TEST_FILE_NAME); > spanTag = document.getElementById('sd_sp'); > spanTag.innerHTML = xmlHttpResult; > > // same domain, != port > xmlHttpResult = importFragment('https://'+document.domain+':8080' + TEST_FILE_NAME); > spanTag = document.getElementById('sd_dp'); > spanTag.innerHTML = xmlHttpResult; > > // != domain, same port > xmlHttpResult = importFragment('http://www.cpqd.com.br/robots.txt'); > spanTag = document.getElementById('dd_sp'); > spanTag.innerHTML = xmlHttpResult; > > // != domain, != port > xmlHttpResult = importFragment('http://www.cpqd.com.br:8080/robots.txt'); > spanTag = document.getElementById('dd_dp'); > spanTag.innerHTML = xmlHttpResult; > > spanTag = document.getElementById('domain'); > spanTag.innerHTML = document.domain; > spanTag = document.getElementById('URL'); > spanTag.innerHTML = document.URL; > } > > > </SCRIPT></HEAD><BODY onload="roda()"> ><TABLE border="10"> > <TBODY><TR> > <TD> URL </TD> > <TD> <SPAN id="URL">https://bugzilla.mozilla.org/attachment.cgi?id=224597</SPAN></TD> > </TR> > <TR> > <TD> domain </TD> > <TD> <SPAN id="domain">bugzilla.mozilla.org</SPAN></TD> > </TR> > > <TR> > <TD> Same domain, same port </TD> > <TD> <SPAN id="sd_sp">Permission denied to call method XMLHttpRequest.open</SPAN></TD> > </TR> > <TR> > <TD> Same domain, different port </TD> > <TD> <SPAN id="sd_dp">Permission denied to call method XMLHttpRequest.open</SPAN></TD> > </TR> > <TR> > <TD> Different domain, same port </TD> > <TD> <SPAN id="dd_sp">Permission denied to call method XMLHttpRequest.open</SPAN></TD> > </TR> > <TR> > <TD> Different domain, different port </TD> > <TD> <SPAN id="dd_dp">Permission denied to call method XMLHttpRequest.open</SPAN></TD> > </TR> ></TBODY></TABLE> ></BODY></HTML>
Attachment #224597 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•