How to carry out Cross Domain request in a Webbrowser Control?

Question

As you know doing Cross Domain XMLHTTP requests is not allowed for security reasons under Internet Explorer.

I have a WebBrowser Control and I'm using DocumentText instead of Navigate to a URL. Since the current domain is about:blank when the page tries to do a request to itself or other domain I'm getting Access is denied Javascript error.

Even when I use Navigate if the Javascript do a request to another domain it doesn't work.

How can I get around this?

This HTML code should work with WebBrowser Control:

<body>

<a href="javascript:getit('http://www.google.com')">this should work</a>
<div id="x"></div>

</body>

<script>
function XHConn()
{
  var xmlhttp, bComplete = false;
  try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }
  catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
  catch (e) { try { xmlhttp = new XMLHttpRequest(); }
  catch (e) { xmlhttp = false; }}}
  if (!xmlhttp) return null;
  this.connect = function(sURL, sMethod, sVars, fnDone)
  {
    if (!xmlhttp) return false;
    bComplete = false;
    sMethod = sMethod.toUpperCase();

    try {
      if (sMethod == "GET")
      {
        xmlhttp.open(sMethod, sURL+"?"+sVars, true);
        sVars = "";
      }
      else
      {
        xmlhttp.open(sMethod, sURL, true);
        xmlhttp.setRequestHeader("Method", "POST "+sURL+" HTTP/1.1");
        xmlhttp.setRequestHeader("Content-Type",
          "application/x-www-form-urlencoded");
      }
      xmlhttp.onreadystatechange = function(){
        if (xmlhttp.readyState == 4 && !bComplete)
        {
          bComplete = true;
          fnDone(xmlhttp);
        }};
      xmlhttp.send(sVars);
    }
    catch(z) { return false; }
    return true;
  };
  return this;
}

function getit(url){
    var xmlhttp = new XHConn();
    var fnWhenDone = function (oXML) { document.getElementById('x').innerHTML = oXML.responseText; alert(oXML.responseText); };
    xmlhttp.connect(url, "GET", "", fnWhenDone);
}

</script>

• I don't have control over Javascript / HTML code, my application only hosts a Webbrowser Control
• I found something called CROSS_DOMAIN_DATA URL Action Flags, not sure if it's right direction. Even it's I'm not sure how to implement it.
• Also if you can answer to this question : How to set current document.domain in WebBrowser Control to avoid “Access is denied”? that's enough for me as well.

Answer 1

I found a dirty workaround, load a local HTML (c:\temp\temp.html) and then modify the content of it via javascript.

After this point there is no more CrossDomain restrictions however using document.write causing other nasty problems such as JQuery .ready functions won't work.