Hi again, I've had problems with XmlHttp lately, and here are some observations.
0) Logged in as a regular user, running racetv with the new container, XmlHttp.open() fails with Permission denied 1) If I'm logged in as an admin, it works 2) Running in DQSD classic, it works 3) First running in DQSD classic, doing racetv, removing the classic toolbar, adding the new one and doing racetv again works To me, (3) indicates the lookup is cached somewhere on a per-process basis. I've stepped through the assembly code of msxml4.dll, and the XmlHttpRequest implementation is actually calling an internal function called UrlOpenAllowed, which does some evaluation (I haven't been able to decipher exactly what, yet) and returns E_ACCESSDENIED (Permission denied, in JScript speak). While executing, though, this function in turn calls CoInternetCreateSecurityManager and CoInternetIsFeatureEnabled, which is new for XP SP2. What's weird about this is that I provide a custom security manager from the container, that's how we manage to get around most of the other security issues in SP2. This is described in painful detail here [1]. So if things worked the way I would expect, MSXML would call back into our host to ask about the policy. However, it seems the XML package fails to ask us, but rather just asks the system default security manager. I've found a couple of workarounds: - Implement a more generic HttpRequest from scratch - Wrap XmlHttpRequest in a COM object of our own, so that the jscript engine doesn't create it through IE, and thereby has no power over it - (Not tested) Add a createHttpRequest method to DQSD's Launcher that just returns an XmlHttpRequest object that IE was not involved in creating. Sorry, this probably didn't make a lot of sense, but I felt I needed to vent :-) I'll get back to you if I find a pure solution. - Kim [1] http://msdn.com/workshop/security/szone/overview/overview.asp ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Archive: https://lists.sourceforge.net/lists/listinfo/dqsd-devel
