Closed Bug 365792 Opened 18 years ago Closed 14 years ago

Every other SOAP call to the same service fails with a security exception

Categories

(Core Graveyard :: Web Services, defect)

1.8 Branch
x86
Windows XP
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: jim.pacyga, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 I am working on a small web page that uses Javascript in Firefox 2.0 to make SOAP calls. The page is loaded from the local machine as a file (file:///C:/...., no web server used), and the SOAP server process is running on the local machine (http://localhost:7090). I can make my SOAP call with its single parameter ( Create-EVNT(xml) ) without any problems, and I receive the return value (a single string) without any problems as well. The issue I'm having is that when I make the same, identical SOAP call a second time, by clicking my HTML form button again, I get the following Javascript error in the console: uncaught exception: Security Error: Content at file:/// may not load data from http://localhost:7090. However, the THIRD time I try to make the SOAP call, I am able to without any issues. So essentially, every other SOAP call gets the error stated above. Also, when I try to reload the page before the 2nd SOAP call, I get the following error: parse_event_data is not defined This is very strange, since the Javascript function IS available. It's like the page is in a funky state or something. If I reload the page yet again, the SOAP call goes back to working every other time. Here is the HTML as well as the Javascript files you can use to reproduce this. Unfortunately, I cannot provide the service that is called because it is proprietary: create_event.html ----------------------------- <html> <head> <script src="create_event.js"/> </head> <body bgcolor="#C7C7C7"> <table width="100%" align="center" cellspacing="0" cellpadding="12" border="0" bgcolor="#C7C7C7" ><tr><td> <table width="100%" align="center" cellspacing="4" cellpadding="3" border="0" bgcolor="#000000" ><tr><td bgcolor="#808F8F" > <table width="100%" align="center" cellspacing="0" cellpadding="20" border="0" bgcolor="#F0F0F0" ><tr><td bgcolor="#F0F0F0" > <h2>Create Event</h2> <form action="" method="get"> <font color="red">*</font> Operator ID: <br> <input type="text" name="operatorID"> <br><br> <font color="red">*</font> Operator Input: <br> <textarea name="operatorInput"></textarea> <br><br> <input type="button" name="create_event_button" value="Create Event" onClick="parse_event_data( this.form )"> <input type="button" name="clear_form_button" value="Clear Form" onClick="clear_form( this.form )"> </form> <i><font color="red">*</font> is a required field.</i> </table> </td></tr></table> </td></tr></table> </td></tr></table> </body> </html> create_event.js ----------------------- function clear_form( form ) { form.operatorID.value = ""; form.operatorInput.value = ""; } function handleSOAPResponse( response, call, status ) { // Failure in calling the service if( status != 0 ) { alert("SOAP service failure." + error); return false; } else { // Error in call if( response.fault != null) { alert("SOAP Fault:\n\n" + "Code: " + response.fault.faultCode + "\n\nMessage: " + response.fault.faultString); return false; } /* * IF WE WANT TO DO SOMETHING WITH THE RETURN VALUE, FILL IT IN HERE. */ // All went well num = new Object(); // Holds number of parameters returned param = response.getParameters(false,num); // 'false' means RPC call alert( "Got value of " + param[0].value ); } } function call_create_evnt( data ) { // Organize SOAP call parameters params = new Array(); params[0] = new SOAPParameter( data, "xml" ); try { netscape.security.PrivilegeManager.enablePrivilege( "UniversalBrowserRead" ); } catch( e ) { alert( "Error asking for Gecko privileges: " + e ); return false; } // Make SOAP call soapCall = new SOAPCall(); soapCall.transportURI = "http://localhost:7090" soapCall.encode( 0, "Create-EVNT", "urn:DSB", 0, null, params.length, params ); soapCall.asyncInvoke( handleSOAPResponse ); // REMOVE ME //alert( data ); } function parse_event_data( form ) { // Basic error checking for fields if( form.operatorID.value == "" || form.operatorInput.value == "" ) { alert( "Please enter data into all required fields." ); return false; } // If we can do the XML stuff in Gecko, do it if( ! (document.implementation) || ! (document.implementation.createDocument) ) { alert("Could not initialize DOM of Gecko browser."); return false; } // Create new XML document, and get a reference to the root node xmlDoc = document.implementation.createDocument( "", "EVNT", null ); root_elem = xmlDoc.getElementsByTagName( "EVNT"); // Get current date and time today = new Date(); current_year = today.getFullYear(); current_month = today.getMonth() + 1; current_date = today.getDate(); current_hour = today.getHours(); if( current_hour < 10 ) { current_hour = "0" + current_hour; } current_minute = today.getMinutes(); if( current_minute < 10 ) { current_minute = "0" + current_minute; } current_second = today.getSeconds(); if( current_second < 10 ) { current_second = "0" + current_second; } timestamp = current_year + "-" + current_month + "-" + current_date + "T" + current_hour + ":" + current_minute + ":" + current_second; // Set all attributes in the node root_elem[0].setAttribute( "operatorID", form.operatorID.value ); root_elem[0].setAttribute( "operatorInput", form.operatorInput.value ); root_elem[0].setAttribute( "dateTimeStamp", timestamp ); theXML = new XMLSerializer().serializeToString( xmlDoc ); // Prepend the necessary XML header, as well as the XSLT that will make // the XML look pretty in the record book viewer. theXML = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + "<?xml-stylesheet type=\"text/xsl\" href=\"file://C:/EVNT.xslt\"?>" + theXML; // Make SOAP call call_create_evnt( theXML ); } Reproducible: Always Steps to Reproduce: 1. Put the HTML into the file create_event.html, and the JS into the file create_event.js. 2. Load the file in Firefox by typing in the following URL "file:///<whereever_the_html_file_is>" 3. Fill in "OperatorID" and "Operator Input" fields, and press the "Create Event" button TWICE. 4. Unfortunately in the Error Console you will get "response has not properties", but that's as far as I can get you without providing the SOAP service. If it's absolutely necessary, I can work on getting my employer to let me release the code for the service. But I can assure you that the service is working correctly. Actual Results: I get the following Javascript error on the SECOND create_event SOAP call: uncaught exception: Security Error: Content at file:/// may not load data from http://localhost:7090. Expected Results: When the service is present, it gives no error the first time the SOAP call is made, and should do the same the second time the call is made.
Assignee: nobody → web-services
Component: Security → Web Services
Product: Firefox → Core
QA Contact: firefox → doronr
Version: unspecified → 1.8 Branch
Being new to SOAP in general, I did not realize that a synchronous SOAP call could be made as well, calling "soapCall.invoke()" instead of "soapCall.aSyncInvoke()". So, I tried this, and it seemed to solve my problem. No more errors, and the SOAP calls can be made repeatedly without any issues. However, is the error I'm getting when making an asynchronous call still an issue?
Assignee: web-services → nobody
QA Contact: doronr → web-services
We dropped SOAP.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.