Security violation foreign domain?

**Tom Cole** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On May 8, 3:55 am, Geoff Cox <g...@freeuk.no tcomwrote:

Hello,
>
I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.
>
This true? If yes, why do all above browsers allow it to happen?!
>
The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.
>
Any workaround?
>
Any thoughts?
>
Cheers
>
Geoff

How exactly do you "access" these files?

**Joost Diepenmaat** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

Geoff Cox <gcox@freeuk.no tcomwrites:

Hello,
>
I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.
>
This true? If yes, why do all above browsers allow it to happen?!

Those questions can only be answered if you explain how your code
works. Javascript/browsers don't usually have built-in "access some
audio files" methods.

The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.
>
Any workaround?

Probably, yeah.

Any thoughts?

Use flash instead? (I'm only half kidding).

--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/

**Geoff Cox** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On Thu, 08 May 2008 14:34:26 +0200, Joost Diepenmaat <joost@zeekat.n l>
wrote:

>Geoff Cox <gcox@freeuk.no tcomwrites:
>

>Hello,
>>
>I have been using Javascript to access some audio files from another
>server and there has been no associated problem with IE or FF but
>Opera gave an error message which led me to read that accessing files
>from a "foreign" domain name is a security violation for Javascript.
>>
>This true? If yes, why do all above browsers allow it to happen?!

>
>Those questions can only be answered if you explain how your code
>works. Javascript/browsers don't usually have built-in "access some
>audio files" methods.

Joost,

I am using soundmanager2

SoundManager 2: Javascript Sound For The Web - Schillmania.com

http://www.schillmania.com/content/projects/soundmanager2/

A new, fancier version of a Javascript sound project allowing people to add sound, or make sound apps using Javascript.

the audio files are accessed using an http link such as

soundManager.cr eateSound({
id:'mySound'+t,
url:'http://www.differentsi te.com/audio/Track' + (+t+35) + '.mp3',
onfinish:functi on(){document.g etElementById(' test'+t+1).clas sName =
'visibleDiv2'} });
soundManager.pl ay('mySound'+t) ;
count++;
}

Cheers

Geoff

>

>The reason for putting the audio files on another server was to cope
>with a possible heavy demand brought about by a radio mention of this
>site.
>>
>Any workaround?

>
>Probably, yeah.
>

>Any thoughts?

>
>Use flash instead? (I'm only half kidding).
>

**Geoff Cox** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On Thu, 8 May 2008 04:43:10 -0700 (PDT), Tom Cole <tcole6@gmail.c om>
wrote:

>On May 8, 3:55 am, Geoff Cox <g...@freeuk.no tcomwrote:

>Hello,
>>
>I have been using Javascript to access some audio files from another
>server and there has been no associated problem with IE or FF but
>Opera gave an error message which led me to read that accessing files
>from a "foreign" domain name is a security violation for Javascript.
>>
>This true? If yes, why do all above browsers allow it to happen?!
>>
>The reason for putting the audio files on another server was to cope
>with a possible heavy demand brought about by a radio mention of this
>site.
>>
>Any workaround?
>>
>Any thoughts?
>>
>Cheers
>>
>Geoff

>
>How exactly do you "access" these files?

Tom,

please see my reply to Joost's email.

Cheers

geoff

**Tom Cole** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On May 8, 9:38 am, Geoff Cox <g...@freeuk.no tcomwrote:

On Thu, 8 May 2008 04:43:10 -0700 (PDT), Tom Cole <tco...@gmail.c om>
wrote:
>
>
>
>
>

On May 8, 3:55 am, Geoff Cox <g...@freeuk.no tcomwrote:

Hello,

>

I have been using Javascript to access some audio files from another
server and there has been no associated problem with IE or FF but
Opera gave an error message which led me to read that accessing files
from a "foreign" domain name is a security violation for Javascript.

>

This true? If yes, why do all above browsers allow it to happen?!

>

The reason for putting the audio files on another server was to cope
with a possible heavy demand brought about by a radio mention of this
site.

>

Any workaround?

>

Any thoughts?

>

Cheers

>

Geoff

>

How exactly do you "access" these files?

>
Tom,
>
please see my reply to Joost's email.
>
Cheers
>
geoff- Hide quoted text -
>
- Show quoted text -

That sounds like it really shouldn't be any different than creating an
img that points to some resource on another server. That is totally
legit and shouldn't really raise any concerns. I'm surprised that
Opera does.

If accessing files from another domain was restricted, there wouldn't
be much use for the internet really :).

The problem comes into play when you try to make an XMLHttpRequest to
another domain or access the DOM of a page provided from another
domain. That does not appear to be the issue here. So I wouldn't be
concerned.

VK · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On May 8, 5:38 pm, Geoff Cox <g...@freeuk.no tcomwrote:

I am using soundmanager2
>

SoundManager 2: Javascript Sound For The Web - Schillmania.com

http://www.schillmania.com/content/projects/soundmanager2/

A new, fancier version of a Javascript sound project allowing people to add sound, or make sound apps using Javascript.

>
the audio files are accessed using an http link such as
>
soundManager.cr eateSound({
id:'mySound'+t,
url:'http://www.differentsi te.com/audio/Track'+ (+t+35) + '.mp3',
onfinish:functi on(){document.g etElementById(' test'+t+1).clas sName =
'visibleDiv2'} });
soundManager.pl ay('mySound'+t) ;
count++;
>
}

That doesn't help too much as it is just the top level wrapper for the
underlaying code. From a quick look soundmanager2 simply creates
OBJECTs for Flash movies and later trying to interact with them using
Javascript on the page. ActionScript (ECMAScript implementation used
in Flash) has its own security model that doesn't coerce with the
browser security model in many details. This way the
ActionScript<>J avascript interaction is normally disabled or limited
on current browsers so to keep both models by their own.

**Geoff Cox** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On Thu, 8 May 2008 14:11:44 -0700 (PDT), VK <schools_ring@y ahoo.com>
wrote:

>On May 8, 5:38 pm, Geoff Cox <g...@freeuk.no tcomwrote:

>I am using soundmanager2
>>
>http://www.schillmania.com/content/p...soundmanager2/
>>
>the audio files are accessed using an http link such as
>>
>soundManager.c reateSound({
>id:'mySound'+t ,
>url:'http://www.differentsi te.com/audio/Track'+ (+t+35) + '.mp3',
>onfinish:funct ion(){document. getElementById( 'test'+t+1).cla ssName =
>'visibleDiv2 '} });
>soundManager.p lay('mySound'+t );
>count++;
>>
>}

>
>That doesn't help too much as it is just the top level wrapper for the
>underlaying code. From a quick look soundmanager2 simply creates
>OBJECTs for Flash movies and later trying to interact with them using
>Javascript on the page. ActionScript (ECMAScript implementation used
>in Flash) has its own security model that doesn't coerce with the
>browser security model in many details. This way the
>ActionScript<> Javascript interaction is normally disabled or limited
>on current browsers so to keep both models by their own.
>

VK,

I'm not sure that I totally follow you - is taking the mp3 files from
the other server a problem or not?!

IE and FF do not complain (ie no error messages) and play the files.
Opera complains but plays them...

I am concerned that other users of IE and FF may have a different
experience from mine and might not be able to play the sounds?!

Cheers

GTeoff

**Geoff Cox** · Jun 27 '08, 07:11 PM

Re: Security violation foreign domain?

On Thu, 8 May 2008 13:42:22 -0700 (PDT), Tom Cole <tcole6@gmail.c om>
wrote:

>>
>please see my reply to Joost's email.
>>
>Cheers
>>
>geoff- Hide quoted text -
>>
>- Show quoted text -

>
>That sounds like it really shouldn't be any different than creating an
>img that points to some resource on another server. That is totally
>legit and shouldn't really raise any concerns. I'm surprised that
>Opera does.
>
>If accessing files from another domain was restricted, there wouldn't
>be much use for the internet really :).
>
>The problem comes into play when you try to make an XMLHttpRequest to
>another domain or access the DOM of a page provided from another
>domain. That does not appear to be the issue here. So I wouldn't be
>concerned.

Tom,

Thanks - that's reassuring!

Cheers

Geoff

Security violation foreign domain?

Security violation foreign domain?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment