Featured Replies
  • 1
    ~s.o.s~ 2,560   9 Years Ago

    > at url http://lowellbonnell.ca/index.php?view=Markets my ajax will only work if you insert the www in firefox. IE is fine either way.

    This is because the browser thinks you are trying to do XSS (http://www.owasp.org/index.php/Cross_Site_Scripting).

0

Hi,
my ajax will only work if you insert the www in firefox. IE is fine either way.

Any ideas?

Well, I fixed it with this javascript anyway....

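    // Pick the base URL that matches the host in the address bar,
    // so the XMLHttpRequest target stays on the same origin as the page.
    var a = document.location.href;
    var tmp;
    if (a.substr(7, 3) == "www") {   // the three characters right after "http://"
        tmp = "http://www.domain.ca";
    } else {
        tmp = "http://domain.ca";
    }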

Basically whatever url I passed in xmlHttp.open("GET",urlstr,true) had to match the actual url in the address bar.

0

Now you know the secret.

Since the Hebrew digits are the first 10 letters of the alphabet, their w is also a 6.

So "www" = "666".

So naturally, evil adds the "www".

:icon_mrgreen:

1

> Basically whatever url I passed in xmlHttp.open("GET",urlstr,true) had to match the actual url in the address bar.

Yes, this is the case. www.domain.com is a different subdomain from domain.com in terms of the address. It might not in fact be a different subdomain, but the address indicates that it is. FF is security conscious; it'll think you're trying to issue ajax requests to a foreign domain.

If you're ajax-ing to the same server that the page is hosted on (which is all you should be allowed to do), then try using a '/' rather than http:// and the domain, i.e., instead of ajax-ing 'http://www.yourdomain.tld/thescript.cgi', ajax '/thescript.cgi'. This will only work if your page is on 'yourdomain.tld', and not in a subdomain (other than www).

Comments
thanks, very informative.
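
Added example (not part of any post in this thread): a JavaScript sketch of the origin comparison described in the reply above, showing why a hard-coded www URL is cross-origin when the page is loaded from the bare domain, while a root-relative path stays same-origin either way. The function names and the domain.ca sample URLs are illustrative assumptions; it uses the standard URL class, so it runs in Node or a modern browser.

```javascript
// Added example: the origin comparison the same-origin policy applies to
// XMLHttpRequest. domain.ca / www.domain.ca are placeholder hosts.

// Return the (scheme, host, port) triple that defines an origin.
// The URL class lowercases the host and reports "" for the scheme's default port.
function originOf(url) {
    var u = new URL(url);
    return { scheme: u.protocol, host: u.hostname, port: u.port };
}

// Resolve requestUrl the way the browser does (relative to the page URL),
// then report whether the request stays on the page's own origin.
function isSameOrigin(pageUrl, requestUrl) {
    var page = originOf(pageUrl);
    var target = originOf(new URL(requestUrl, pageUrl).href);
    return page.scheme === target.scheme &&
           page.host === target.host &&
           page.port === target.port;
}

// Constructed sample input: the same page reached with and without "www".
var pages = [
    "http://domain.ca/index.php?view=Markets",
    "http://www.domain.ca/index.php?view=Markets"
];
var targets = [
    "http://www.domain.ca/thescript.cgi",  // hard-coded absolute URL
    "/thescript.cgi"                       // root-relative URL
];

// Build one line per page/target pair with the verdict.
function report() {
    var rows = [];
    pages.forEach(function (page) {
        targets.forEach(function (target) {
            var verdict = isSameOrigin(page, target) ? "same-origin" : "cross-origin";
            rows.push(page + " -> " + target + " : " + verdict);
        });
    });
    return rows;
}

console.log(report().join("\n"));
```

Only the bare-domain page combined with the hard-coded www URL is reported as cross-origin; the root-relative path inherits whatever host is in the address bar, so it also keeps working if the site moves to https.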
0

Yep, you are right. That is a little quirk in the Mozilla XMLHTTP object. You should really be using some kind of library to perform your asynchronous javascript calls. jQuery makes it super easy and is compatible with all browsers.

http://jquery.com/


jenni
