Closed
Bug 859404
Opened 11 years ago
Closed 11 years ago
NIGHTLY: XMLHttpRequest.open fails on urls including "http://"
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: dwendt, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130408 Firefox/23.0 Build ID: 20130408030928 Steps to reproduce: var myxhr = new XMLHttpRequest(); myxhr.open("GET", "http://google.com", true); Actual results: [Exception... "" nsresult: "0x805e0006 (<unknown>)" location: "JS frame :: Web Console :: <TOP_LEVEL> :: line 1" data: no] Expected results: It should've sent a GET request to google.com and processed whatever xhr.open usually does. This works as intended if "http://" doesn't prefix the second argument of xhr.open(). The third argument doesn't change this, neither does the first.
Comment 1•11 years ago
|
||
It working when the http:// is present makes sense, since that goes to the local domain. Also, you don't see the error when calling open, do you? I would expect the error to appear when calling send.
Reporter | ||
Comment 2•11 years ago
|
||
(In reply to Josh Matthews [:jdm] from comment #1) > It working when the http:// is present makes sense, since that goes to the > local domain. Also, you don't see the error when calling open, do you? I > would expect the error to appear when calling send. It does not work when "http://" is present. It occurs when the example code is executed.
Comment 3•11 years ago
|
||
The web console runs in the context of the page that's currently loaded. If that page is not on google.com, it can't do XHR to google.com, right? What am I missing?
Flags: needinfo?(dwendt)
Reporter | ||
Comment 4•11 years ago
|
||
(In reply to Boris Zbarsky (:bz) from comment #3) > The web console runs in the context of the page that's currently loaded. If > that page is not on google.com, it can't do XHR to google.com, right? > > What am I missing? It works fine when the argument is "google.com" and DOES NOT WORK PERIOD for "http://google.com" Isn't this really clear?
Flags: needinfo?(dwendt)
Comment 5•11 years ago
|
||
It's clear, yes. "google.com" is a relative URL, resolved relative to the page. So if I were to do that on this very web page, it would be loading "http://bugzilla.mozilla.org/google.com". That's a same-origin load, and is allowed. Loading "http://google.com" from this web page is a cross-origin load, and is not allowed. Sounds like I'm not missing anything, then. The behavior is what it's supposed to be.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 6•11 years ago
|
||
Sorry, it appears I misdescribed this bug. Shouldn't cross domain requests be permitted if the target in argument 2 has the "Access-Control-Allow-Origin *" header set? Rather than http://google.com, the example argument in this case would be http://ericflin.com/scripts/restproxy.php?m=GET Example code that should not throw an exception if this is the case.. function reqListener () { console.log(this.responseText); }; var oReq = new XMLHttpRequest(); oReq.onload = reqListener; oReq.open("get", "http://ericflin.com/scripts/restproxy.php?m=GET", true); oReq.send();
Comment 7•11 years ago
|
||
Ah, good catch. The example in comment 6 works fine for me if run on an http:// page. On an https:// page (like this bug page), it's blocked by the "do not allow http loads from https pages" security policy, which is somewhat new in nightly.
You need to log in
before you can comment on or make changes to this bug.
Description
•