Reputation: 22571
XMLHttpRequest, FireFox Extension, and error code '1012' (Access Denied)
I'm working on a FireFox extension that uses XMLHttpRequest to grab data from a remote server.
The javascript code is as follows:
function _PostBackObject(data) {
var postBack = new XMLHttpRequest();
postBack.onreadystatechange =
function(){
if (postBack.readyState == 4) {
if (postBack.status == 200) {
// Success
return;
}
_ErrorOccured(postBack.status);
}
};
postBack.open("POST", postBackUrl, true, user, password); //This is line #51
postBack.send(data);
}
I get the following error in the FireFox console:
Error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "chrome://my_ext/content/context.js Line: 51"]
The postBackUrl can be anything (for testing purposes I've been using local machine [127.0.0.1] and a server sitting on my local network [so 192.168.*.*], both on port 8088) as it is user entered.
It looks like I'm tripping over XSS security measures. How would I work around this?
Some additional details:
- FireFox 3.5.3 (it's acceptable to restrict to this and newer)
- Unsigned extension (I would self-sign it, but that's quite a hassle and gains you nothing as far as I can tell)
- I have complete control over the remote server (its a custom setup, not Apache or IIS, written in C# for .NET 3.5)
Upvotes: 0
Views: 2693
Answers (1)
Reputation: 3967
First, if you're calling this from chrome, your code shouldn't hit any cross-site checks. Chrome code is allowed to do cross-site XHR by default. Are you calling this directly from chrome, or are you injecting this into content somehow? http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsXMLHttpRequest.cpp#1736
Second, there are only three places in the XHR code that return that specific error code: http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsXMLHttpRequest.cpp#491 http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsXMLHttpRequest.cpp#1581 http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsXMLHttpRequest.cpp#2996
They all have to do with preflighting requests: http://www.w3.org/TR/access-control/#preflight-request
Is your server getting one of these, and mishandling it?
Upvotes: 3
Related Questions
- Permission Denied When using XMLHttpRequest.Open cross browser access
- Problems with xmlhttprequest status 302
- XMLHttpRequest Open Access Denied
- XMLHTTPRequest in IE9 "Access is denied" error
- XMLHttpRequest.responseXML fires 'permission denied' exception
- XMlHttpRequest is not working in Firefox extension
- XMLHttpRequest from Firefox Extension
- Using XMLHttpRequest for Mozilla Extension development
- XMLHttpRequest problem
- java script, XMLHttpRequest, permission denied within browser