document.domain and XmlHttpRequest object security problem

Maikel Nait Mon, 29 Dec 2003 05:13:51 -0800

Hi all. We are trying to port an explorer-only web application to Mozilla/Netscape, using among other things the XmlHttpRequest object similar to the well-known ActiveX from Microsoft. But we encountered a problem we are not sure how to solve. Our application has to communicate with other web application and pass parameters between them, so we must make use of the document.domain property in order to do this.

And that's the problem. As soon as we set this property ( this property is written from a JSP ) , the XmlHttpRequest.open() method returns "access denied". But the domain is correct. We are using domain "san.gva.es". We access the application with "http://localhost.san.gva.es/..."; ( which is a local Tomcat )

I've tried to enable some privileges with netscape.security but the problem doesn't seem to be there... or not ?

Have anyone tried to send xml data with XmlHttpRequest object and the document.domain property set ??

Without code modification, our application works fine with IE6+. If we remove the document.domain sentence from the JSP that writes it, the application works on Mozilla too, but of course this is no solution for us.

Thanks in advance,

Miguel Cubells
Computer Engineer

_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security

document.domain and XmlHttpRequest object security problem

Reply via email to