Closed
Bug 365792
Opened 18 years ago
Closed 14 years ago
Every other SOAP call to the same service fails with a security exception
Categories
(Core Graveyard :: Web Services, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: jim.pacyga, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1
I am working on a small web page that uses Javascript in Firefox 2.0 to
make SOAP calls. The page is loaded from the local machine as a file
(file:///C:/...., no web server used), and the SOAP server process is
running on the local machine (http://localhost:7090). I can make my
SOAP call with its single parameter ( Create-EVNT(xml) ) without any
problems, and I receive the return value (a single string) without any
problems as well.
The issue I'm having is that when I make the same, identical SOAP call
a second time, by clicking my HTML form button again, I get the
following Javascript error in the console:
uncaught exception: Security Error: Content at file:/// may not load
data from http://localhost:7090.
However, the THIRD time I try to make the SOAP call, I am able to
without any issues. So essentially, every other SOAP call gets the
error stated above. Also, when I try to reload the page before the 2nd
SOAP call, I get the following error:
parse_event_data is not defined
This is very strange, since the Javascript function IS available. It's
like the page is in a funky state or something. If I reload the page
yet again, the SOAP call goes back to working every other time.
Here is the HTML as well as the Javascript files you can use to reproduce this. Unfortunately, I cannot provide the service that is called because it is proprietary:
create_event.html
-----------------------------
<html>
<head>
<script src="create_event.js"/>
</head>
<body bgcolor="#C7C7C7">
<table width="100%" align="center" cellspacing="0" cellpadding="12"
border="0" bgcolor="#C7C7C7" ><tr><td>
<table width="100%" align="center" cellspacing="4" cellpadding="3"
border="0" bgcolor="#000000" ><tr><td bgcolor="#808F8F" >
<table width="100%" align="center" cellspacing="0" cellpadding="20"
border="0" bgcolor="#F0F0F0" ><tr><td bgcolor="#F0F0F0" >
<h2>Create Event</h2>
<form action="" method="get">
<font color="red">*</font> Operator ID: <br>
<input type="text" name="operatorID">
<br><br>
<font color="red">*</font> Operator Input: <br>
<textarea name="operatorInput"></textarea>
<br><br>
<input type="button" name="create_event_button" value="Create Event"
onClick="parse_event_data( this.form )">
<input type="button" name="clear_form_button" value="Clear Form"
onClick="clear_form( this.form )">
</form>
<i><font color="red">*</font> is a required field.</i>
</table>
</td></tr></table>
</td></tr></table>
</td></tr></table>
</body>
</html>
create_event.js
-----------------------
function clear_form( form )
{
form.operatorID.value = "";
form.operatorInput.value = "";
}
function handleSOAPResponse( response, call, status )
{
// Failure in calling the service
if( status != 0 )
{
alert("SOAP service failure." + error);
return false;
}
else
{
// Error in call
if( response.fault != null)
{
alert("SOAP Fault:\n\n" + "Code: " + response.fault.faultCode
+
"\n\nMessage: " + response.fault.faultString);
return false;
}
/*
* IF WE WANT TO DO SOMETHING WITH THE RETURN VALUE, FILL IT IN
HERE.
*/
// All went well
num = new Object(); // Holds number of parameters returned
param = response.getParameters(false,num); // 'false' means RPC
call
alert( "Got value of " + param[0].value );
}
}
function call_create_evnt( data )
{
// Organize SOAP call parameters
params = new Array();
params[0] = new SOAPParameter( data, "xml" );
try {
netscape.security.PrivilegeManager.enablePrivilege(
"UniversalBrowserRead" );
}
catch( e ) {
alert( "Error asking for Gecko privileges: " + e );
return false;
}
// Make SOAP call
soapCall = new SOAPCall();
soapCall.transportURI = "http://localhost:7090"
soapCall.encode( 0, "Create-EVNT", "urn:DSB",
0, null,
params.length, params );
soapCall.asyncInvoke( handleSOAPResponse );
// REMOVE ME
//alert( data );
}
function parse_event_data( form )
{
// Basic error checking for fields
if( form.operatorID.value == "" || form.operatorInput.value == "" )
{
alert( "Please enter data into all required fields." );
return false;
}
// If we can do the XML stuff in Gecko, do it
if( ! (document.implementation) ||
! (document.implementation.createDocument) )
{
alert("Could not initialize DOM of Gecko browser.");
return false;
}
// Create new XML document, and get a reference to the root node
xmlDoc = document.implementation.createDocument( "", "EVNT", null );
root_elem = xmlDoc.getElementsByTagName( "EVNT");
// Get current date and time
today = new Date();
current_year = today.getFullYear();
current_month = today.getMonth() + 1;
current_date = today.getDate();
current_hour = today.getHours();
if( current_hour < 10 )
{
current_hour = "0" + current_hour;
}
current_minute = today.getMinutes();
if( current_minute < 10 )
{
current_minute = "0" + current_minute;
}
current_second = today.getSeconds();
if( current_second < 10 )
{
current_second = "0" + current_second;
}
timestamp = current_year + "-" + current_month + "-" + current_date
+ "T" +
current_hour + ":" + current_minute + ":" +
current_second;
// Set all attributes in the node
root_elem[0].setAttribute( "operatorID", form.operatorID.value );
root_elem[0].setAttribute( "operatorInput", form.operatorInput.value
);
root_elem[0].setAttribute( "dateTimeStamp", timestamp );
theXML = new XMLSerializer().serializeToString( xmlDoc );
// Prepend the necessary XML header, as well as the XSLT that will
make
// the XML look pretty in the record book viewer.
theXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
"<?xml-stylesheet type=\"text/xsl\"
href=\"file://C:/EVNT.xslt\"?>" + theXML;
// Make SOAP call
call_create_evnt( theXML );
}
Reproducible: Always
Steps to Reproduce:
1. Put the HTML into the file create_event.html, and the JS into the file create_event.js.
2. Load the file in Firefox by typing in the following URL "file:///<whereever_the_html_file_is>"
3. Fill in "OperatorID" and "Operator Input" fields, and press the "Create Event" button TWICE.
4. Unfortunately in the Error Console you will get "response has not properties", but that's as far as I can get you without providing the SOAP service. If it's absolutely necessary, I can work on getting my employer to let me release the code for the service. But I can assure you that the service is working correctly.
Actual Results:
I get the following Javascript error on the SECOND create_event SOAP call:
uncaught exception: Security Error: Content at file:/// may not load
data from http://localhost:7090.
Expected Results:
When the service is present, it gives no error the first time the SOAP call is made, and should do the same the second time the call is made.
Updated•18 years ago
|
Assignee: nobody → web-services
Component: Security → Web Services
Product: Firefox → Core
QA Contact: firefox → doronr
Version: unspecified → 1.8 Branch
Reporter | ||
Comment 1•18 years ago
|
||
Being new to SOAP in general, I did not realize that a synchronous SOAP call could be made as well, calling "soapCall.invoke()" instead of "soapCall.aSyncInvoke()". So, I tried this, and it seemed to solve my problem. No more errors, and the SOAP calls can be made repeatedly without any issues.
However, is the error I'm getting when making an asynchronous call still an issue?
Updated•15 years ago
|
Assignee: web-services → nobody
QA Contact: doronr → web-services
Comment 2•14 years ago
|
||
We dropped SOAP.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
Updated•7 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•