Side navigation
#3146 closed bug (invalid)
Opened July 09, 2008 04:13PM UTC
Closed August 03, 2008 03:03AM UTC
Last modified March 14, 2012 05:20PM UTC
cross-site ajax over http post
| Reported by: | davidcornish | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 1.3 |
| Component: | ajax | Version: | 1.2.6 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
Attempting to do an ajax call cross-site using JSONP over http post fails in Firefox 2.0.0.15 with:
Permission denied to call method XMLHttpRequest.open
in Firefox 3 with
Access to restricted URI denied
and hangs in IE 7.
This is with the patch from #3045 applied to detect change in protocol.
It works fine with type: "GET", just not type: "POST"
Attachments (0)
Change History (7)
Changed July 09, 2008 09:26PM UTC by comment:1
| component: | core → ajax |
|---|
Changed July 09, 2008 09:29PM UTC by comment:2
Your details are not quite enough to be able to handle this.
Could you provide a test case ? a minimalistic html file with the requires html and js to reproduce the problem.
Thanks.
Changed July 10, 2008 09:36AM UTC by comment:3
Sure, sorry for not doing so before.
There's a test page at http://www.ivpbooks.com/test/3146.html
The javascript is at http://www.ivpbooks.com/test/3146.js
The PHP script I'll include below.
It can be tested without cross-site calling at:
https://www.ivpbooks.com/test/3146.html
(which works on both get and post)
or with cross-site calling at:
http://www.ivpbooks.com/test/3146.html
(which only works on get, not post - the subject of this bug)
It looks to me that the code which supports cross-site JSONP explicitly is checking for GET, but I'm too new to all this to follow its logic correctly.
Let me know if I can let you have anything else. Thanks for your help.
3146.php:
<?php
$email = $_REQUEST['u'] ;
$pwd = $_REQUEST['p'] ;
$jsonp = $_REQUEST['jsoncb'] ;
// We really only want alphanumeric callback functions
if(preg_match("/^[a-zA-Z0-9_]+$/",$jsonp) == 0)
$jsonp = "";
// Just a tiny script for bug reporting
if($email == "test@test.com" and $pwd == "test")
echo "$jsonp({\\"success\\":true})";
else
echo "$jsonp({\\"success\\":false})";
?>
Changed July 15, 2008 02:28AM UTC by comment:4
One question, I might be getting this wrong, but I don't think JSONP works with POST.
The idea is explicitely using a script tag with a callback to load JSON. And you can send POST variables with a script.
Changed July 22, 2008 04:36PM UTC by comment:5
I've looked at it more and no, you can't do JSONP over POST for the reason you say.
It might be good to put this in the docs and throw an exception if it is attempted.
I wonder if it might be possible to implement by generating a form which posts the data into a generated iframe, then reading back the contents of the generated iframe?
Changed August 03, 2008 03:03AM UTC by comment:6
| resolution: | → invalid |
|---|---|
| status: | new → closed |
Eh... I don't think there's a real need for this. And your proposed technique seems like a LOT of work(code) for such a specific situation.
Changed August 11, 2008 02:23PM UTC by comment:7
I think it would help if it were clarified more clearly that it is GET only in
http://docs.jquery.com/Ajax/jQuery.ajax#options
but I appreciate the lack of intention to implement a workaround
The scenario for use, for what it is worth, is posting data over an HTTPS connection which you don't want sniffed from an HTTP original page.