Access to restricted URI denied code: 1012

Question

How do you get around this Ajax cross site scripting problem on FireFox 3?

Answer 1

If you're using jQuery it has a callback function to overcome this:

http://docs.jquery.com/Ajax/jQuery.ajax#options

As of jQuery 1.2, you can load JSON data located on another domain if you specify a JSONP callback, which can be done like so: "myurl?callback=?". jQuery automatically replaces the ? with the correct method name to call, calling your specified callback. Or, if you set the dataType to "jsonp" a callback will be automatically added to your Ajax request.

Alternatively you could make your ajax request to a server-side script which does the cross-domain call for you, then passes the data back to your script

Answer 2

To update the answer (I guess, mostly for my benefit when I come looking for this answer later on), if are loading XML or something else, you can always ask the user if he will allow us to read from another site with this code:

try {
    if (netscape.security.PrivilegeManager.enablePrivilege)
        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) { 
    alert("Sorry, browser security settings won't let this program run."); 
    return; 
}

(from the RESTful web services book) But, this only works in firefox, when the html file is loaded from local file. So, not that useful.

Answer 3

One more solution: if all you need is the headers, you can specify "HEAD" as the method and it won't trigger the security issue. For instance, if you just want to know if the web page exists.

var client = new XMLHttpRequest();
client.open("HEAD", my_url, false);
client.send(null);
if(client.readyState != 4 || client.status != 200) //if we failed
    alert("can't open web page");