document.domain obsoleted?

[Alejandro Rivero]

I am a bit puzzled with Firefox 2.0.0.13

I have a page http://xxx.yyy.com/here/whatever.html and it must do the
usual thing, to fetch something from http://yyy.com/there.xml

so

document.domain = "yyy.com";
reql= new XMLHttpRequest();
req.open("GET", "http://yyy.com/there.xml");
req.send();

fails in the req.open. WTF?

 

[Martin Honnen]

I am a bit puzzled with Firefox 2.0.0.13

I have a page http://xxx.yyy.com/here/whatever.html and it must do the
usual thing, to fetch something from http://yyy.com/there.xml

so

document.domain = "yyy.com";
reql= new XMLHttpRequest();
req.open("GET", "http://yyy.com/there.xml");
req.send();

fails in the req.open. WTF?

What does the error console say?
Is the problem specific to that Firefox release (2.0.0.13) or do you get
the same problem with other releases as well? What about other browsers?

 

[Tom Cole]

I am a bit puzzled with Firefox 2.0.0.13

I have a pagehttp://xxx.yyy.com/here/whatever.htmland it must do the
usual thing, to fetch something fromhttp://yyy.com/there.xml

so

document.domain = "yyy.com";
reql= new XMLHttpRequest();
req.open("GET", "http://yyy.com/there.xml");
req.send();

fails in the req.open. WTF?

I have no idea if this will help, but:
http://jszen.blogspot.com/2005/03/cross-domain-security-woes.html

 

[Thomas 'PointedEars' Lahn]

I am a bit puzzled with Firefox 2.0.0.13

I have a page http://xxx.yyy.com/here/whatever.html and it must do the
usual thing, to fetch something from http://yyy.com/there.xml

so

document.domain = "yyy.com";
reql= new XMLHttpRequest();
req.open("GET", "http://yyy.com/there.xml");
req.send();

fails in the req.open. WTF?

document.domain does not apply to XHR. The reason is probably that the
former implements a different (older) API than the latter. Note that
document.domain should be read-only per W3C DOM Level 2 HTML, so we are
violating the Spec already with allowing write access to it for accessing
properties that are tainted by default (does anyone here even remember that
NS4 feature?). Therefore, it would appear doubtful whether filing a bug
against it would actually move anything or anyone, but you are welcome to try.


PointedEars

 

[Alejandro Rivero]

document.domain does not apply to XHR.

I see. I was mislead due to some hints on the contrary, as well as my
bad memory and the fact that actually it applies someway: if I set
document.domain to a different value that the real one, some XHR in
firefox stop working. I guess that this could qualify for a bug but I
do not know if I am interesting on researching further; it could also
be that document.domain is used in a lateral way, (eg to build the
full URL of relative paths).

The reason is probably that the
former implements a different (older) API than the latter. Note that
document.domain should be read-only per W3C DOM Level 2 HTML, so we are
violating the Spec already with allowing write access to it for accessing
properties that are tainted by default (does anyone here even remember that
NS4 feature?). Therefore, it would appear doubtful whether filing a bug
against it would actually move anything or anyone, but you are welcome to try.

what I find really bad is that then there is no way to do cross-site
XML even in the same main domain.

 

[Alejandro Rivero]

Why not create a single server side resource that does not have these
limitations to fetch all this stuff for you and return it?

You know, something where you could pass the url of the desired
resource, it would open that resource and pass you back the contents.

--

Yeah, at the end I will probably iframe a single page in the server,
and then dojo-trick.

 

[Bart Van der Donck]

Alejandro Rivero wrote:

....

Yeah, at the end I will probably iframe a single page in the server,
and then dojo-trick.

I think using an (invisible) iframe is still a very good alternative;
although XMLHttpRequest is more fashionable nowadays. Iframes require
less code and allow cross-domain resources to be loaded (not
scripted); while XMLHttpRequest knows statuses, access to page
headers, multi-threading etc. In think both are possible in your case.