Reputation: 37177
Is there any way to bypass NS_ERROR_DOM_BAD_URI when cross site access is disabled?
I'm doing an XSS report for my university, and I'm doing some tests with calling external webpages using AJAX.
The code I'm using for this example is very simple, and one of my target case-studies is to be able to call an outside web-page via AJAX with cross site disabled.
Note
I only plan to use this on FireFox, and I am not concerned about IE compatibility.
<script>
var xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange=function(){
if(xmlhttp.readyState==4)
{
alert(xmlhttp.responseText);
}
}
xmlhttp.open("GET","http://example.com",true);
xmlhttp.send(null);
</script>
Now the problem here is that uncaught exception: Access to restricted URI denied (NS_ERROR_DOM_BAD_URI) is thrown. I've been searching around and the best piece of information I found to bypass this was using jQuery with JSON, but that doesn't suit me, and another example was this one (in French).
How can I do this? Or is it just unsolvable due to the same origin policy?
Edit
How does Google post the values through Google analytics? Or this problem only happens for get and not for post?
Upvotes: 3
Views: 14458
Answers (0)
Related Questions
- Ajax Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource
- How to evade same origin policy error when you have no control over it
- Is there a way around Access-Control-Allow-Origin?
- Anyway to bypass same origin policy?
- Ways to circumvent the same-origin policy
- Disable cross-domain ajax request
- Getting around same origin policy in javascript without server side scripts
- Bypass Cross Domain Restriction ajax - jquery and or iOS
- Same domain Policy exceptions?
- How to make cross domain XHR request