Login/Register
Access is denied error on XDomainRequest
Asked Answered
Solved javascriptinternet-explorercross-domainxdomainrequest
H

2

32

I'm trying to use microsoft XDomainRequest to send cross domain request. Here is the code 

...
if ($.browser.msie && window.XDomainRequest) {
  // Use Microsoft XDR
  var xdr = new XDomainRequest();
    xdr.open("POST", "http://graph.facebook.com/1524623057/");

  xdr.send();
} 
 ....

It gives SCRIPT5: Access is denied. error on xdr.open(...) line.

Hua answered 11/12, 2011 at 13:20 Comment(6)
9, I have changed to 8 with developer tools, but the same resultHua
What is the content-type header you're sending?Psychometrics
Yes, see point 4: blogs.msdn.com/b/ieinternals/archive/2010/05/13/…Psychometrics
How I can set header to XDomainRequest object ?Hua
I think i got the problem (point 7).Hua
@jeffamaphone Do I understand the item #4 correctly? Only plain text? What if I want to get JSON formatted data or a XML structure? In practice, those CAN be transmitted as text, although technically speaking it's not "text" but "application/json" and "application/xml"...Hege
H
59

I found the reason of this problem. As stated in Point 7:

Requests must be targeted to the same scheme as the hosting page

This restriction means that if your AJAX page is at http://example.com, then your target URL must also begin with HTTP. Similarly, if your AJAX page is at https://example.com, then your target URL must also begin with HTTPS.

Hua answered 14/12, 2011 at 18:46 Comment(3)
Point 7 being "Requests must be targeted to the same scheme as the hosting page". I was struggling with this same problem too, calling an https address from an http page. Thanks for the link!Renaterenato
I understood that, but is there any way to fix this problem and can access https: ajax from http sites.Cattima
this really help me a lot! I spend hours trying to figure out :)Philina
I
-1

See this:

http://msdn.microsoft.com/en-us/library/cc288060(v=vs.85).aspx

It describes how the server must respond with a certain header, Access-Control-Allow-Origin.

Imprint answered 11/12, 2011 at 13:25 Comment(1)
Hm. So I see now that this URL does return that header with a value of "*". So that's not it.Imprint

© 2022 - 2024 — McMap. All rights reserved.