Derrell Lipman wrote:
>
> Whenever you attempt to work with multiple ports or servers, you're
> asking for trouble.
>
Derrel is right. Using different ports will force you to use «special
tricks»... The proxy approach seems allot more cleaner and likely to work
better in the future (browser's security is getting tighter over time).
On the other hand, if you really must use the other approach, I've used
"netscape.security.PrivilegeManager.enablePrivilege('UniversalBrowserRead')"
to accomplish this in the past and it should work. Note that «Privileges are
granted only in the scope of the requesting function» [1] so you must enable
the privilege just before the server connection is performed (i.e., in the
same scope as "callAsync" [2]). I haven't tested this using qooxdoo RPC
infrastructure, though...
Finally, could/should this ("UniversalBrowserRead" privilege support) be
integrated into the framework? I'm not sure about this, as this may raise
several security issues (the user really must trust the application to allow
such setting) and alarmist dialogs will be shown to the user. Nevertheless,
this would allow using cleaner XHR approach for many cases where (I'm
assuming) script transport is being used.
Helder Magalhães
[1] http://www.mozilla.org/projects/security/components/signed-scripts.html
[2] http://demo.qooxdoo.org/current/apiviewer/#qx.io.remote.Rpc~callAsync
--
View this message in context:
http://www.nabble.com/Permission-denied-to-call-method-XMLHttpRequest.open-tp15310344p15329967.html
Sent from the qooxdoo-devel mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
qooxdoo-devel mailing list
qooxdoo-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
