XMLHTTP Questions

Re: XMLHTTP Questions



parksch2@hotmai l.com wrote:
[color=blue]
> When I execute the following example code from my local test
> environment:
>
> var [xmlhttp object set based on availability]
> xmlhttp.open("H EAD", "http://www.google.com" ,true);
> xmlhttp.onready statechange=fun ction() {
> if (xmlhttp.readyS tate==4) {
> alert(xmlhttp.g etAllResponseHe aders())
> }
>
> I personally get a "Permission Denied" error but for a bunch of people
> at my office this works. I'm assuming that's a SP2 or MS patch/hotfix
> thing? Does anyone know exactly why?[/color]

In IE you would need to allow access to data sources from a different
domain, check the IE settings for the zone you are loading the page with
the script from.
For Mozilla you need to have your script request permission.
[color=blue]
> My next question is, supposing I can get past the permissions error,
> does anyone know if I can use the XMLHTTP object to obtain the cookie
> that is passed from a site? When I change "http://www.google.com" to
> "/" I can see the entire header passed from my site but it doesn't
> contain any cookie info.[/color]

If the server sends a cookie you should see it using
getAllResponseH eaders() (well if that is supported, unfortunately Opera
so far it its 8.00 beta doesn't care about such functionality).

--

Martin Honnen

Re: XMLHTTP Questions

XMLHTTP uses the same cookie state as IE. If you obtain a cookie from
an XMLHTTP session, it is shared with IE, and vice versa. For example,
if you sign in to yahoo with IE with cookies enabled, and then request
the yahoo home page via XMLHTTP, you'll see that you are already signed
in.

Some older versions of XMLHTTP have bugs regarding https requests, so
make sure all the PCs have the latest version of IE. Also, xmlhttp
disallows transfers between http and https by design, unless the
"access data sources across domains" setting is enabled in IE.

Re: XMLHTTP Questions

In article <1111735020.405 643.320040@z14g 2000cwz.googleg roups.com>,
humbads@gmail.c om says...[color=blue]
> XMLHTTP uses the same cookie state as IE. If you obtain a cookie from
> an XMLHTTP session, it is shared with IE, and vice versa. For example,
> if you sign in to yahoo with IE with cookies enabled, and then request
> the yahoo home page via XMLHTTP, you'll see that you are already signed
> in.
>
> Some older versions of XMLHTTP have bugs regarding https requests, so
> make sure all the PCs have the latest version of IE. Also, xmlhttp
> disallows transfers between http and https by design, unless the
> "access data sources across domains" setting is enabled in IE.
>
>[/color]
The latest versions also check to see if the site is in the IE Trusted
Zone. That is a huge security issue that M$ had to implement.

I found that out when working on my Hotmail connection article for
Hardcore Delphi.

Re: XMLHTTP Questions

Thanks for the replies!