WEIGHT-10 Re: [Javascript] xmlhttprequest
Rakesh Pai
rakeshpai at gmail.com
Sat Feb 12 03:08:03 CST 2005
The problem is that using XMLHttpRequest, you can only communicate
with other pages in the same domain as the place where you call the
function from. Apparently, this restriction was put in to get rid of
security problems, but sure enough, this restriction is now being
looked at as one of the things that can potentially restrict
development in the future. Browser manufacturers are working on
enabling cross-domain XMLHttpRequest now, and we should have that
working soon. Until then, working in the same domain seems to be the
only way out.
Or else, of course, you could use one of the many alternatives to
XMLHttpRequest.
On Fri, 11 Feb 2005 14:31:41 -0700, Peter Brunone <peter at brunone.com> wrote:
>
> I read the post as meaning that the page was being served from localhost,
> which wouldn't be a problem at all... then again, I'm not exactly batting a
> thousand with the ol' reading comprehension lately...
>
>
> From: "Mike Dougherty" mdougherty at pbp.com
>
> Maybe I didn't read closely enough - i thought we were talking about a
> ServerX delivering a page
> with javascript trying to access localhost data. That would be a
> cross-domain security problem
> anyway...
>
> On Fri, 11 Feb 2005 18:09:48 -0200
> Flavio Gomes wrote:
> >IE sucks.
> >
> > Did I say it? No .. I must have just tought it..yeah.. sure.. but it
> >does sucks..
> >
> >
> >(Ps.: It was just a joke, ok people?)
> >
> >
> >Peter Brunone wrote:
> >
> >>
> >> That doesn't quite make sense. If MS blocked web developers from
> >> accessing files on the local web server, then you could never develop
> >> on the web server box; you would *always* need two machines for
> >> development.
> >>
> >> The security concern is with the local filesystem as you mentioned,
> >> but this has nothing to do with files called through a web server.
> >>
> >> It does sound like there might be a security issue, but that would
> >> be more of a "zone" configuration problem.
> >>
> >> Cheers,
> >>
> >> Peter
> >> *
> >> From*: "Mike Dougherty" mdougherty at pbp.com
> >>
> >> I believe that's MS's answer to the security vulnerability where the
> >> evil javascript developer
> >> tries to read the local filesystem to do nasty things. So you may be
> >> fighting an IE security
> >> update.
> >>
> >> Good luck...
> >>
> >> On Fri, 11 Feb 2005 18:24:40 +0100
> >> Iztok Polanic wrote:
> >> >Hi!
> >> >
> >> >I'm playing a bit with XMLhttpRequest. I found out, that if the file
> >> in on local web server
> >> >(localhost) then IE throws an error (-107....) Does anybody have a
> >> clue how to solve this?
> >> >Mozilla works fine :)
> >> >
> >> >--
> >> >Bye,
> >> >
> >> >Iztok
> >>
> >>------------------------------------------------------------------------
> >>
> >>_______________________________________________
> >>Javascript mailing list
> >>Javascript at LaTech.edu
> >>https://lists.LaTech.edu/mailman/listinfo/javascript
> >>
> >>
> >
> >_______________________________________________
> >Javascript mailing list
> >Javascript at LaTech.edu
> >https://lists.LaTech.edu/mailman/listinfo/javascript
> >
> >
> >
> >__________________________________________________________
> >This message was scanned by ATX
> >3:10:56 PM ET - 2/11/2005
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>
>
> _______________________________________________
> Javascript mailing list
> Javascript at LaTech.edu
> https://lists.LaTech.edu/mailman/listinfo/javascript
>
>
>
--
Rakesh Pai
Mumbai, India.
rakesh.pai at gmail.com
http://piecesofrakesh.blogspot.com/
More information about the Javascript
mailing list