function populateGroups(){
var p =1;
var groupNames = new Array();
$.ajax({
type: "GET",
url: "http://okcmonprd103/iMon/findgroups.pl",
dataType: "text/xml",
success: function parseGroupNames(xml){
$(xml).find('group').each(function(){
groupNames[p] = $(this).find('name').text();
p++;
});
groupNames.sort(arraySort);
for(p=0;p<groupNames.length-1;p++){
$('#Groups').append('<option value="'+p+1+'">'+groupNames[p]+'</option>');
$('#dutyGroups').append('<option value="'+p+'">'+groupNames[p]+'</option>');
}
}
});
}
I send this ajax call to a server on our network that runs a Perl script that returns XML data. This works fine on my machine in IE8, and in my Windows 7 Gadget (which is what this is mainly for) but whenever other people in the company try to use it, they get the "Permission Denied" error. Do I need to set up a proxy page in order to make this work?
It does work on my machine, I just don't see how other people on the same network wouldn't be able to use this...
It turned out that it was a Windows 7 issue. When you right clicked on the HTML file name, under security, it would say something like "this file is blocked because it came from another computer"
All you had to do was press the "Unblock" button and all of a sudden it worked.
Related
The following code works fine in every other browser except IE7. In fact, with this enabled on the page no scripts will work until I have commented it out.
$(document).ready(function () {
var pathname = $(location).attr('href');
if(pathname.indexOf('sess') === -1){
var path = pathname;
}else{
var path = pathname.replace(/sess[^&]*&?/, "");
}
$.ajax({
type: "POST",
url: "ajax/save_page.php",
data: 'last_page='+path
});
});
I have checked for errant commas and can't find any. If I pass a literal value through the Ajax call and comment out the rest of the function everything begins to work as it should but I need the whole function to work.
Ok, I'm beginning to realise that it isn't going to work on IE7 but I need the script to carry on working as it is without excluding IE7 users completely so I used..
if(navigator.appVersion.indexOf("MSIE 7.")!=-1)
to determine if the browser is IE7 and if so exclude that bit of script. Hopefully the user will be able to persuade their admin to upgrade them to a different browser when they realise that it isn't working as well as it could.
But, for the record, I agree that in an ideal world we shouldn't be supporting IE7 etc but in the real world a lot of people still use it and a lot can't do anything about it. I work within the medical and dental industries and a lot of hospitals etc (about 50%) are still using XP with IE7 with no immediate plans for upgrading despite knowing that XP is no longer supported by Microsoft.
Revision to solution
Ok, I have revised my solution, I am using php sessions now for passing around the sess variable that was previously in the url so I no longer have to try and take it out of the url whilst leaving the rest of the params intact.
So now I am using
var path = window.location.href;
$.ajax({
type: "POST",
url: "ajax/save_page.php",
data: 'last_page='+path
});
Which works fine in all of the browsers I am testing it in including IE7
My question regards the Apps CSP https://developer.mozilla.org/en-US/Apps/CSP
Here it says that all the remote script, inline script, javascript URIs, and other security issues won't work on a Firefox OS app.
So, I tried to download a script that is necessary for my app (Flurry and Ad service) and neither would work on the device. The way I made the call was with AJAX, that way I would avoid the remote and inline scripting that both scripts ment. In the simulator works perfectly, but on the device the ads never show and the Flurry session never starts.
Here is the part of my code where I make the AJAX call for Flurry:
$.ajax({
url: 'https://cdn.flurry.com/js/flurry.js',
dataType: "script",
xhrFields: {
mozSystem: true
},
success: function(msg){
console && console.log("Script de Flurry: luego de la descarga en AJAX "+msg);
flurryLibrary = true;
FlurryAgent.startSession("7ZFX9Z4CVT66KJBVP7CF");
},
error:function(object,status,errortxt){
console && console.log("The script wasn't downloaded as text. The error:" +errortxt);
flurryLibrary = false;
},
always: function(object,status,errortxt){
console && console.log("The script may or may not be downloaded or executed. The error could be:" +errortxt);
}
});
In my app I use the systemXHR permission and make the calls for other websites using this line:
request = new XMLHttpRequest({ mozSystem: true });
Wich is the same as using the xhrFields{mozSystem:true} in the AJAX call.
I believe it's not a cross domain problem because in the rest of my app I make calls for xml files that are not in my domain, and the calls are returned succesfully.
So, my question is, can a Firefox OS app execute scripts that are downloaded via AJAX? Is there a way to get around this problem?
Thank you for your time.
PS: I forgot to add that my app is privileged, just in case you ask
I believe that is a security feature and the short answer to your question would be NO. To quote the CSP doc that you linked to yourself:
You cannot point a at a remote JavaScript file. This means that all JS files that you reference must be included in your app's package.
If you load a JS file using ajax from a remote server, that JS is not included in your app package. You should be careful to obey CSP restrictions. It is possible to get many things working in the simulator or even the phone while developing without fully complying to CSP, but that does not mean it is OK. When you submit your app in future to any credible marketplace (such as Firefox Marketplace), it will be reviewed carefully to make sure it does not violate CSP restrictions. As a general rule of thumb, I would say any attempt at dynamically evaluating JS code will be a security risk and most likely banned by CSP regulations.
First, I'll point out that your two examples are not equivalent.
$.ajax({
xhrFields: {
mozSystem: true
},
});
Is the same as
request = new XMLHttpRequest();
request.mozSystem = true;
which is not the same as
request = new XMLHttpRequest({ mozSystem: true });
Instead, we can follow the advice in the linked bug report and run the following at application load time:
$.ajaxSetup( {
xhr: function() {
return new window.XMLHttpRequest( {
mozSystem: true
} );
}
} );
This alone should fix your problem. However, if it doesn't work, then the next workaround here is to fetch the script resource as plain text and then load that text content as a script.
However, inline scripts and data: URLs are off-limits for privileged Firefox OS apps. We might still accomplish this goal through a blob: URL, however:
window.URL = window.URL || window.webkitURL;
var request = new XMLHttpRequest({ mozSystem: true });
request.open("GET", "https://cdn.flurry.com/js/flurry.js");
// when the Ajax request resolves, load content into a <script> tag
request.addEventListener("load", function() {
// make a new blob whose content is the script
var blob = new Blob([request.textContent], {type: 'text/javascript'});
var script = document.createElement('script');
script.src = window.URL.createObjectURL(blob);
// after the script finishes, do something else
script.addEventListener("load", function() {
flurryLibrary = true;
FlurryAgent.startSession("7ZFX9Z4CVT66KJBVP7CF");
});
document.body.appendChild(script);
});
However, if the script itself does something not allowed by the CSP, then you're definitely out of luck.
You must use mozSystem and mozAnon properties, example:
var xMLHttpRequest = new XMLHttpRequest({
mozAnon: true,
mozSystem: true
});
Its a shame this is a problem, I was hoping on getting loadScript working, as firefoxOS is an environment, and in my app all the application code is HTML5 and local, the current rule is all the scripts need to be loaded in memory in one shot, unless you url load a full page, which means you can not have a persisten wrapper around the site, and ajax inthe pages with assosiated scripts when needed. you would have thought that firefox would have enabled local lazy load for scripts at least. works in chrome, but not in firefox.
I have some problems with page navigation using Windows Phone 8 with Apache Cordova 3.0.
I tried different ways to solve this problems but it still does not work.
At first i tried to use forms to navigate to another page.
<form action="CreateUser.html" method="get">
<input class="buttons" name="btnCreateUser" type="submit" value="Create User" />
</form>
When i click on the button the page can not be found. The CreateUser.html page is in the same directory. If i use a Browser (Chrome/IE) it works.
When i change the action to http://www.google.com both options (Browser and Phone) work.
I also tried to navigate to another page by using JavaScript. Here is my code:
function get(httpUrl) {
var xmlHttp = new XMLHttpRequest();
xmlHttp.open("GET", httpUrl, true);
xmlHttp.send(null);
return xmlHttp.responseText;
}
Now i use onclick="get("CreateUser")" event of the button but there is no reaction.
Both in the browser and on the mobile device.
The only thing that worked for me is the window.location feature. But it seems that i can't transform informations on the next page with that way.
Is there any opportuinity to navigate between those two pages and transfer some information?
Or did i just something wrong in my code?
"The CreateUser.html page" if i'm correct you are using AJAX to read file (page) contents and paste them in HTML?
If yes, then read this:
2.1. Cross-domain problem
Before making AJAX request you must allow cross-domain requests and core support, by setting:
jQuery.support.cors = true;
$.mobile.allowCrossDomainPages = true;
Those must be set in a specific-phonegap function “DeviceReady”, example:
document.addEventListener('deviceready', function () {
jQuery.support.cors = true;
$.mobile.allowCrossDomainPages = true;
$.ajax({
url: "www/about.txt",
dataType: 'text'
}).done(function (result) {
alert(result);
});
});
2.2. url
Making Windows Phone 8 oriented application, in AJAX request you MUST specify full path to resource, example:
url: "www/about.txt",
Making Windows Phone 8 oriented application, in AJAX request you MUST NOT specify full path to resource, example:
url: "about.txt",
2.3. Source File extensions
Be careful using unknown extension files, like template extension *.tpl or similar. Sometimes AJAX doesn’t like them, I suggest using simple *.txt and *.html extensions.
I'm trying to use jQuery Form Plugin to handle file uploads in an ajax form.
Everything works as long as I don't have an input[type=file] in the form.
When I add a file input type to the form, it will upload the file and work as it is supposed to in FireFox, but I get this error in Chrome:
Unsafe JavaScript attempt to access
frame with URL
http://swbdev.net:8888/inc/ajax/edit_page/
from frame with URL
http://swbdev.net:8888/site-pages-edit/19d8bb79c95e164f736f324d1b09a33e/1/#add_elements.
Domains, protocols and ports must
match.
It clearly states the Domain, protocols and ports must match. Am I missing something, in that same error it shows the two URLs and the domain, protocol and port all match?
Here is the JavaScript calling the plugin:
<script type="text/javascript">
$(document).ready(function() {
var options = {
success: function(data) {
alert(data);
},
dataType: 'html',
url: '/inc/ajax/edit_page/'
};
$('#add_elements_form').ajaxForm(options);
});
</script>
MORE INFO:
It's now failing in FireFox as well, not sure why it worked earlier, but here is the error in FireFox:
Permission denied for
http://swbdev.net:8888 to get
property Location.href
It points to this area of code in the plugin:
function cb() {
if (xhr.aborted) {
return;
}
var doc = io.contentWindow ? io.contentWindow.document : io.contentDocument ? io.contentDocument : io.document;
if (!doc || doc.location.href == s.iframeSrc) {
// response not received yet
if (!timedOut) return;
}
io.detachEvent ? io.detachEvent('onload', cb) : io.removeEventListener('load', cb, false);
var ok = true;
Specifically, this line:
if (!doc || doc.location.href == s.iframeSrc
I recently ran into the same issue with jquery file upload. Error was same as David B had
"Unsafe JavaScript attempt to access frame with URL http://swbdev.net:8888/inc/ajax/edit_page/ from frame with URL http://swbdev.net:8888/site-pages-edit/19d8bb79c95e164f736f324d1b09a33e/1/#add_elements. Domains, protocols and ports must match."
In my case both calling page url and file-upload url were pointed to xxx.mydomain.com, but when the calling page was loaded, one javascript was setting document.domain to mydomain.com and was causing the error. Checking for document.domain after the calling page was loaded, revealed the issue and fixed by removing the document.domain line in javascript for xxx.mydomain.com
Definitely weird. I would try setting the whole thing to "POST" since the input[type=file] will require that. Of course it should work even mixed, but give this a try.
$(document).ready(function() {
var options = {
success: function(data) {
alert(data);
},
dataType: 'html',
type: 'POST', // <-- This was added
url: '/inc/ajax/edit_page/'
};
$('#add_elements_form').ajaxForm(options);
});
I have an iframe using the jQuery 1.4.2 script. The same iframe is injected into both http and https sites. The jQuery script is included in the main HTML file as a relative path (e.g., /scripts/jquery-1.4.2.min.js).
When an AJAX call is made, Internet Explorer denies access. The AJAX is calling on another subdomain, but it's using the right protocol. All other browsers work but Internet Explorer gives the following error:
SCRIPT5: Access is denied.
jquery-1.4.2.min.js, line 127 character 344
I heard this error is from cross-domain AJAX calls. But why is IE the only one giving me crap? Is there an IE solution?
Also, this is my AJAX:
$.ajax({
url: thisURL,
dataType: "json",
data: {cmd : 'getMessage', uurl: urlVar, t: Math.random()},
success: function(ret){
callback(ret)
}
});
IE requires you to use XDomainRequest instead of XHR for cross site, you can try something like...
if ($.browser.msie && window.XDomainRequest) {
// Use Microsoft XDR
var xdr = new XDomainRequest();
xdr.open("get", url);
xdr.onload = function() {
// XDomainRequest doesn't provide responseXml, so if you need it:
var dom = new ActiveXObject("Microsoft.XMLDOM");
dom.async = false;
dom.loadXML(xdr.responseText);
};
xdr.send();
} else {
// your ajax request here
$$.ajax({
url: thisURL,
dataType: "json",
data: {cmd : 'getMessage', uurl: urlVar, t: Math.random()},
success: function(ret){
callback(ret)
}
});
}
Reference
http://forum.jquery.com/topic/cross-domain-ajax-and-ie
not sure whether it fits your scenario
xdr = new XDomainRequest();
xdr.onload=function()
{
alert(xdr.responseText);
}
xdr.open("GET", thisUrl); //thisURl ->your cross domain request URL
//pass your data here
xdr.send([data]);
you can find some more guidance here
This solved the issue gracefully for me:
https://github.com/MoonScript/jQuery-ajaxTransport-XDomainRequest
Just install/compile after jQuery and before your script and use the $.ajax method as you normally would, the rest is handled behind the automatically.
Have you try to use the lastest of JQuery(> jquery-1.8.0)? Since the version 1.8.0, they solved some IE9's bugs. Perhaps this one too.
http://blog.jquery.com/2012/08/30/jquery-1-8-1-released/
I had a similar problem and the solution for me was to use jsonp instead of json. That way I didn't have to break out a customer version for IE.
You can only do this if the json server host supports the callback request variable or you have access to the server and can add support. Here is a page that helped me understand the process. Its .net mvc focused, but it gives a good over view of the diffrence between json and jsonp.
http://blogorama.nerdworks.in/entry-EnablingJSONPcallsonASPNETMVC.aspx
Check the domain you are accessing, following response headers should be there
"Access-Control-Allow-Methods" : "POST, GET, OPTIONS"
"Access-Control-Allow-Origin" : "http://www.mydomain.com" or "*"
the other domain should allow your script request. One more header to be added to your response is P3P header.
"p3p" : "CP=IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
it should help you out.
I was facing similar issue.
I was using file upload control but it was hidden and I had another element trying to control the file upload and events to upload file in ajax way
try using the file upload control directly. this solved issue in my application.
I get this bug (and thus google here) but the reason was very different. So if you don't have cross site and still get this access denied error: double check the value sent
let's say that you affect one of you variable with the bad following expression:
urlVar = $("theID").val // without () this was the error!
[...]ajax call:
data: {cmd : 'getMessage', uurl: urlVar, t: Math.random()},
Google/FF have no problem with this (check what is receive server side...) BUT IE refuse to send this!
I changed my JQuery from version 1.10.1 to 1.10.2 and it seems to have solved this problem for me.
It seems that MS is finding its own way of doing things, rather than adopting industry recommendations. I found the solution here:
https://github.com/MoonScript/jQuery-ajaxTransport-XDomainRequest/blob/master/jQuery.XDomainRequest.js
Simply add 'callback=?' on your ajax URL request like here:
http://wsvdmeer.blogspot.com.es/2012/08/bugfix-getjson-not-working-in-ie.html