You need to sign in to do that
Don't have an account?
Cliffwalk
AJAX & Cross-Domain Data
I've been working with AJAX in our company's browser of choice which is IE and admittedly I am nearly as familiar with the config settings in Firefox, however, I'd really like to use it because of the Venkman debugger that has made things a lot easier on me.... HOWEVER, when I go to work with my control I'm getting this error:
Error: uncaught exception: Permission denied to call method XMLHttpRequest.open
I'm guessing that Firefox needs to be told that it can do cross-domain data but I can't find a config option for that.
Secondly: Will this configuration requirement being going away at some point? Having this particular configuration change in place has some security risks.
Thanks
-Dave
Error: uncaught exception: Permission denied to call method XMLHttpRequest.open
I'm guessing that Firefox needs to be told that it can do cross-domain data but I can't find a config option for that.
Secondly: Will this configuration requirement being going away at some point? Having this particular configuration change in place has some security risks.
Thanks
-Dave
Hi Cliffwalk, If you are writing an SControl then this should not be a problem. If you are using the AJAX toolkit from your own website this is a problem.
For firefox what you will need to to is to edit the prefs.js file that firefox uses to store preferences. Add a policy called salesforce:
user_pref("capability.policy.policynames", "salesforce");
Give that policy all access to the open method of XMLHttpRequest:
user_pref("capability.policy.salesforce.XMLHttpRequest.open", "allAccess");
Specify the sites that are to be members of that policy:
user_pref("capability.policy.salesforce.sites", "https://www.salesforce.com https://na1-api.salesforce.com http://localhost");
The last step above assumes that you get na1 back on a login call for your account.
Oh, and don't forget to shut down Firefox before you edit prefs.js, or else it'll just overwrite your settings.
Now, I've also seen something a little more dynamic and might not apply to XMLHttpRequest (which is the basis of the sforce AJAX toolkit), but haven't tried it yet. Here is a snippet from a blog post:
Cross-domain security woes
You're developing an Ajax-based application. You have an application server at example.com which serves up all your JavaScript, HTML and CSS, and a data server at xml.example.com which delivers all the XML data to the application via a hidden IFRAME.
You know that cross-domain security will prevent any JavaScript from accessing the data in the IFRAME. so, you configure the data server to set the security domain of the IFRAME to "example.com" — the common suffix between the two domains — with a small piece of JavaScript:
Having done this, you test your application and get a "permission denied" error. What happened?
Depending on your browser, it may not be enough to only set the security domain of the IFRAME. You must set all of the frames and windows to the same domain, too. This is true even if the domain name you're trying to set already matches the domain of the server that's currently serving the page. For example, if you have two frames with pages served from example.com and you use JavaScript to set the security domain of one frame to "example.com" the frames will be unable to communicate.
Older browsers might let you get away with this.
Message Edited by DevAngel on 10-25-2005 10:41 AM
It seems you need to enable alot more properties. Below is a list that works for one of my more complex scontrols, but it is probably not complete.
user_pref("capability.policy.policynames", "salesforce");
user_pref("capability.policy.salesforce.Element.childNodes", "allAccess");
user_pref("capability.policy.salesforce.Element.firstChild", "allAccess");
user_pref("capability.policy.salesforce.Element.getAttribute", "allAccess");
user_pref("capability.policy.salesforce.Element.getElementsByTagName", "allAccess");
user_pref("capability.policy.salesforce.Element.localName", "allAccess");
user_pref("capability.policy.salesforce.Element.nodeType", "allAccess");
user_pref("capability.policy.salesforce.Element.nodeValue", "allAccess");
user_pref("capability.policy.salesforce.Element.parentNode", "allAccess");
user_pref("capability.policy.salesforce.HTMLCollection.length", "allAccess");
user_pref("capability.policy.salesforce.HTMLCollection.item", "allAccess");
user_pref("capability.policy.salesforce.Text.nodeType", "allAccess");
user_pref("capability.policy.salesforce.Text.nodeValue", "allAccess");
user_pref("capability.policy.salesforce.XMLDocument.getElementsByTagName", "allAccess");
user_pref("capability.policy.salesforce.XMLHttpRequest.open", "allAccess");
user_pref("capability.policy.salesforce.sites", "https://www.salesforce.com http://localhost https://na1-api.salesforce.com");
Dave
Any clues where I should start looking for my issue? I tried setting the doc domain and this didn't help.
-Dave
Code:
Now i can do things like
Code:
And everything is redirected transparently!!! Works like a charm!!!
hope it helps someone!
Message Edited by fedevelaps on 04-30-2007 07:42 AM