[Proto-Scripty] Re: Ajax.Request - can't get to work in Firefox, Chrome

[Pam]

Thank you very much !!!

Without *addHeader* the following code only worked on IE, but adding this 
line also works in Chrome and Firefox.

The problem was Chrome and Firefox html page didn't receive xmlhttp.status 
== 200, only xmlhttp.readyState == 4, only received status == 0.


public void doGet(HttpServletRequest request, 
  HttpServletResponse response)
  throws IOException{

*response.addHeader("Access-Control-Allow-Origin", "*");*

PrintWriter out = response.getWriter();
java.util.Date today = new java.util.Date();
out.write("\n" +
"\n" +
"Ejemplo1 de Servlet\n" +
"\n" + today + "\n"+
""
);

}

-- Pam



On Tuesday, March 16, 2010 1:08:00 PM UTC-4, Ronen wrote:
>
> Excellent.  Thanks very much T.J.. your idea worked.
>
> In my servlet, I overrided the doOptions() method from HttpServlet and
> returned the response headers that you suggested:
>
> > response.addHeader("Access-Control-Allow-Origin", "*");
> > response.addHeader("Access-Control-Allow-Methods", 
> request.getHeader("Access-Control-Request-Methods"));
> > response.addHeader("Access-Control-Allow-Headers", 
> request.getHeader("Access-Control-Request-Headers"));
>
> and Firefox and Chrome both started working beautifully (also verified
> that IE still works).
>
> In the end, my overall intent is to package this HTML file with my web
> application, so it sounds like I won't need to have this doOptions()
> in my servlet.  It's just that in the beginning, I figured I would
> test the HTML file outside of the web app and I guess I didn't realize
> I would run into this kind of trouble.  Still, it's always good to
> know how to go about fixing something like this in the future.
>
> Thanks for everyone's help.
>
> --Ronen
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prototype-scriptaculous+unsubscr...@googlegroups.com.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
Visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.

[Proto-Scripty] Re: Ajax.request problem

[Gaurav Dubey]

Hello Akaballa

   Well as long as I understand prototype ajax request you need to add 
"asynchronous: false, " in you ajax request definition.
So try like this:
  new Ajax.Request('some url',
{
   asynchronous: false, 
method:'post',
parameters: {searchString: searchQuery},
onSuccess: function(transport)
{ 
var str = transport.responseText || "no response text";
$('searchResponse').update(str); 
 },
onFailure: function()
{
alert('Unable to retrieve requested data. Please try again.');
}
 });



Let me know if it still creates problem for you.
On Wednesday, 22 October 2008 19:49:30 UTC+5:30, akaballa wrote:
>
> Well I implemented what you said and debugged my code through firebug 
> and found out that the request is not sent because of the following 
> error: 
>
> Prototype is not defined 
> dispatchException()Prototype.js (line 1355) 
> respondToReadyState()Prototype.js (line 1322) 
> onStateChange()Prototype.js (line 1249) 
> bind()Prototype.js (line 214) 
> [Break on this error] (this.options.onException || 
> Prototype.emptyFunction)(this, exception); 
>
> i did not make any changes to the prototype.js file.  So I have no 
> idea what the problem is. 
>
> On Oct 22, 8:18 am, Baglan  wrote: 
> > I see an error in your code which could have prevented it from working 
> > at all; the ',' (comma) after the onSuccess function definition is 
> > missing (happens to me all to frequently :)) - could that be the issue 
> > or is it a typo? 
> > 
> > I'd suggest you to use some kind of debugger for spotting that kind of 
> > issues. Personally, I'm using FireBug for Firefox - it shows if there 
> > were any Javascript errors and lets you inspect AJAX requests easily. 
> > 
> > - Baglan 
> > 
> > p.s. Here's the link for the Firebug: 
> > 
> > https://addons.mozilla.org/en-US/firefox/addon/1843

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/prototype-scriptaculous/-/W8Rbn15ThIwJ.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

Re: [Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Walter Lee Davis]

Thanks very much for the added detail. I filed an issue on the Github project 
for the Python server, and within hours another Githubber had posted a pull 
request fixing the bug. The server was just not aware of what to do if it got 
such an OPTIONS request, so it was falling over.

Walter

On Apr 13, 2012, at 5:26 AM, Victor wrote:

> It seems to be an issue on their server (BaseHTTP/0.3 Python/2.7.1+ according 
> to FireBug). I'll file a bug and see what happens.
> 
> XHR without setRequestHeader sends usual 'GET' request:
> 
> Request URL: http://zip.elevenbasetwo.com/?zip=a
> Request Method: GET
> Status Code: 404 Not Found
> Request Headers
> Accept: */*
> Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
> Accept-Encoding: gzip,deflate,sdch
> Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
> Connection: keep-alive
> Host: zip.elevenbasetwo.com
> Origin: https://groups.google.com
> User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like 
> Gecko) Chrome/18.0.1025.142 Safari/535.19
> Response Headers
> Access-Control-Allow-Origin: *
> Connection: close
> Content-Type: text/plain
> Date: Fri, 13 Apr 2012 09:16:07 GMT
> Server: BaseHTTP/0.3 Python/2.7.1+
> 
> XHR with any setRequestHeader sends first 'OPTIONS' request (so-called 
> preflight):
> 
> Request URL: http://zip.elevenbasetwo.com/?zip=a
> Request Method: OPTIONS
> Status Code: 501 Not Implemented
> Request Headers
> Accept: */*
> Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
> Accept-Encoding: gzip,deflate,sdch
> Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
> Access-Control-Request-Headers: x-xxx, origin
> Access-Control-Request-Method: GET
> Connection: keep-alive
> Host: zip.elevenbasetwo.com
> Origin: https://groups.google.com
> User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like 
> Gecko) Chrome/18.0.1025.142 Safari/535.19
> Response Headers
> Connection: close
> Content-Type: text/html
> Date: Fri, 13 Apr 2012 09:20:32 GMT
> Server: BaseHTTP/0.3 Python/2.7.1+
> 
> It seems that some browsers (like Firefox and WebKit-based) may send CORS 
> requests without preflight for text/plain resources when no additional 
> headers are set. In other cases they send preflighted 'OPTIONS' request, 
> which is not implemented in this 'BaseHTTP/0.3 Python/2.7.1+' server.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Prototype & script.aculo.us" group.
> To view this discussion on the web visit 
> https://groups.google.com/d/msg/prototype-scriptaculous/-/6xIQrvgSIqsJ.
> To post to this group, send email to prototype-scriptaculous@googlegroups.com.
> To unsubscribe from this group, send email to 
> prototype-scriptaculous+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/prototype-scriptaculous?hl=en.

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

Re: [Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Victor]

>
> It seems to be an issue on their server (BaseHTTP/0.3 Python/2.7.1+ 
> according to FireBug). I'll file a bug and see what happens.
>
XHR without setRequestHeader sends usual 'GET' request:

Request URL: http://zip.elevenbasetwo.com/?zip=a
Request Method: GET
Status Code: 404 Not Found
*Request Headers*
Accept: */*
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Connection: keep-alive
Host: zip.elevenbasetwo.com
Origin: https://groups.google.com
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like 
Gecko) Chrome/18.0.1025.142 Safari/535.19
*Response Headers*
Access-Control-Allow-Origin: *
Connection: close
Content-Type: text/plain
Date: Fri, 13 Apr 2012 09:16:07 GMT
Server: BaseHTTP/0.3 Python/2.7.1+

XHR with any setRequestHeader sends first 'OPTIONS' request (so-called 
preflight
):

Request URL: http://zip.elevenbasetwo.com/?zip=a
Request Method: OPTIONS
Status Code: 501 Not Implemented
*Request Headers*
Accept: */*
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers: x-xxx, origin
Access-Control-Request-Method: GET
Connection: keep-alive
Host: zip.elevenbasetwo.com
Origin: https://groups.google.com
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.19 (KHTML, like 
Gecko) Chrome/18.0.1025.142 Safari/535.19
*Response Headers*
Connection: close
Content-Type: text/html
Date: Fri, 13 Apr 2012 09:20:32 GMT
Server: BaseHTTP/0.3 Python/2.7.1+

It seems that some browsers (like Firefox and WebKit-based) may send CORS 
requests without preflight for text/plain resources when no additional 
headers are set. In other cases they send preflighted 'OPTIONS' request, 
which is not implemented in this 'BaseHTTP/0.3 Python/2.7.1+' server.

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/prototype-scriptaculous/-/6xIQrvgSIqsJ.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

Re: [Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Walter Lee Davis]

On Apr 12, 2012, at 12:14 PM, Victor wrote:

> Same browser (Safari.latest) on the same computer, the Prototype method gives 
> me a security failure (Origin [my host] is not allowed by 
> Access-Control-Allow-Origin.) while the long-hand XHR (inside a Prototype 
> observer) just works without any comment:
> 
> 
> Two differences I can notice:
> 1. Prototype sets request headers 'X-Requested-With', 'X-Prototype-Version', 
> 'Accept' with setRequestHeaders() - you don't
> 2. Prototype calls send with null argument
> this.transport.send(null); // Prototype
> vs
> client.send(); // your raw XHR
> 
> If you can test your code with these two changes - will it raise error?
> 
>   $('zip').observe('change', function(evt) {
> var client = new XMLHttpRequest();
> client.open("GET", "http://zip.elevenbasetwo.com?zip="; + $F(this), true);
> client.onreadystatechange = function() {
>   if(client.readyState == 4) {
> var data = client.responseText.evalJSON();
> $('city').setValue(data.city);
> $('state').setValue(data.state);
>   };
> };
> client.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
> client.setRequestHeader('X-Prototype-Version', '1.7');
> client.setRequestHeader('Accept', 'text/javascript, text/html, 
> application/xml, text/xml, */*');
> client.send(null);
>   });
> 
> 

Thanks very much for the suggestion. It looks as though ANY setRequestHeader 
invocation at all is enough to scuttle the request. I tried commenting one, 
then two, then all of them out. Without those three lines, the request works 
fine -- even with the null in the send. But add any one of them back, and the 
request fails. It seems to be an issue on their server (BaseHTTP/0.3 
Python/2.7.1+ according to FireBug). I'll file a bug and see what happens.

Walter

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Victor]

Is header 'Access-Control-Allow-Origin' present in responses for both 
examples?
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/prototype-scriptaculous/-/99KTZ-IvHG8J.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Victor]

>
> Same browser (Safari.latest) on the same computer, the Prototype method 
> gives me a security failure (Origin [my host] is not allowed by 
> Access-Control-Allow-Origin.) while the long-hand XHR (inside a Prototype 
> observer) just works without any comment:
>
>
> Two differences I can notice:
1. Prototype sets request headers 'X-Requested-With', 
'X-Prototype-Version', 'Accept' with setRequestHeaders() - you don't
2. Prototype calls send with null argument
this.transport.send(null); // Prototype
vs
client.send(); // your raw XHR

If you can test your code with these two changes - will it raise error?

  $('zip').observe('change', function(evt) {
var client = new XMLHttpRequest();
client.open("GET", 
"http://zip.elevenbasetwo.com?zip=" 
+ $F(this), true);
client.onreadystatechange = function() {
  if(client.readyState == 4) {
var data = client.responseText.evalJSON();
$('city').setValue(data.city);
$('state').setValue(data.state);
  };
};
*client.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
client.setRequestHeader('X-Prototype-Version', '1.7');
*
*client.setRequestHeader('Accept', 'text/javascript, text/html, 
application/xml, text/xml, */*');*
client.send(*null*);
  });

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To view this discussion on the web visit 
https://groups.google.com/d/msg/prototype-scriptaculous/-/6dUgLVmeJQkJ.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

Re: [Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Walter Lee Davis]

I understand the SOP, I was wondering why it worked when I violated SOP from a 
hard-coded XHR request. Under the hood, it is my understanding that Prototype 
sets up a very similar XHR request anyway. It doesn't make any sense that the 
one would work while the other did not. This server is specifically kinked to 
allow a request such as this, or else the SOP would cause it to fail no matter 
what. Can anyone point out the flaw in my logic here?

Walter

On Apr 11, 2012, at 9:00 PM, Jason wrote:

> 
> Have you tried to just use
> 
> new Ajax.Request('index.php', .);
> 
> vs the full URL
> 
> from the Ajax.Request source code
> 
> * - url (String): The URL to fetch. When the _same-origin_ policy is
> in
> * effect (as it is in most cases), `url` **must** be a relative URL or
> an
> * absolute URL that starts with a slash (i.e., it must not begin with
> * `http`).
> 
> 
> On Apr 10, 7:52 pm, Walter Lee Davis  wrote:
>> Typo, fixed; still fails, same error, before ever reaching this line.
>> 
>> On Apr 10, 2012, at 10:50 PM, Walter Lee Davis wrote:
>> 
>>>var data = responseText.evalJSON();
>> 
>> s/b var data = transport.responseText.evalJSON();
>> 
>> Walter
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Prototype & script.aculo.us" group.
> To post to this group, send email to prototype-scriptaculous@googlegroups.com.
> To unsubscribe from this group, send email to 
> prototype-scriptaculous+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/prototype-scriptaculous?hl=en.
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request fails, while vanilla XHR works fine

[Jason]

Have you tried to just use

 new Ajax.Request('index.php', .);

vs the full URL

from the Ajax.Request source code

* - url (String): The URL to fetch. When the _same-origin_ policy is
in
* effect (as it is in most cases), `url` **must** be a relative URL or
an
* absolute URL that starts with a slash (i.e., it must not begin with
* `http`).


On Apr 10, 7:52 pm, Walter Lee Davis  wrote:
> Typo, fixed; still fails, same error, before ever reaching this line.
>
> On Apr 10, 2012, at 10:50 PM, Walter Lee Davis wrote:
>
> >        var data = responseText.evalJSON();
>
> s/b var data = transport.responseText.evalJSON();
>
> Walter

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

Re: [Proto-Scripty] Re: Ajax.Request not working with HTTPS and self signed certificates

[Phil Petree]

Hate to butt in here but did try setting an
alert(ajax.transport.responseText) right after your ajax call?

On Sun, Jun 12, 2011 at 6:28 PM, T.J. Crowder wrote:

> Hi,
>
> > As I said in my post, the Ajax.Request call are in a HTML Application
> > (HTA). Which is not a server page. It run on client machine using
> > mshta.exe and request data from server using ajax.
>
> Ah, sorry. Probably not safe to assume everyone knows what you mean by
> "HTA". I've seen any number of acronyms people have created ad hoc to
> make their web apps sound cool, I have to assume I put your use of
> "HTA" in that category, not being familiar with that specific
> Microsoft-centric technology.
>
> > And I don't think the issue is due to "Same Origin Policy", as the
> > requests are working fine when server SSL is enabled using  trusted
> > certificate.
>
> In that case, it's a question for Microsoft. Prototype isn't involved
> in the certificate chain process at all. It just does the request and
> reads the response via XMLHttpRequest. The certificate stuff is
> handled by the user agent (e.g., mshta.exe).
> --
> T.J. Crowder
> Independent Software Engineer
> tj / crowder software / com
> www / crowder software / com
>
> On Jun 12, 7:17 pm, Rick Avner  wrote:
> > Hi Crowder,
> >
> > Thanks for the information.
> >
> > As I said in my post, the Ajax.Request call are in a HTML Application
> > (HTA). Which is not a server page. It run on client machine using
> > mshta.exe and request data from server using ajax.
> >
> > And I don't think the issue is due to "Same Origin Policy", as the
> > requests are working fine when server SSL is enabled using  trusted
> > certificate.
> >
> > The response is blank when server SSL is enabled using  self signed
> > certificate. Any idea?
> >
> > And yes, I should try with latest version of prototype.js.
> >
> > Thanks
> >
> > On Jun 12, 3:05 pm, "T.J. Crowder"  wrote:
> >
> >
> >
> >
> >
> >
> >
> > > Addendum:
> >
> > > > I am using prototype.js version 1.5.
> >
> > > Why? It's been out of date for more than three and a half years
> > > (assuming you're talking about v1.5.1.2, which was superceded by
> > > v1.6.0 in November 2007). That's a _long_ time in the browser-based
> > > world.
> >
> > > -- T.J.
> >
> > > On Jun 12, 10:36 am, "T.J. Crowder"  wrote:
> >
> > > > Hi,
> >
> > > > I don't think it has anything to do with the certificate being self-
> > > > signed, just that it's https.
> >
> > > > Are you trying to use https in an ajax call when the page has been
> > > > loaded via http? If so, you're running into the Same Origin
> Policy[1],
> > > > which forbids doing that. Ajax requests, by default, can only go to
> > > > the same origin as the document in which the script is running, and
> > > > the concept of an origin includes the protocol 
> > > > (http://example.comandhttps://example.comare_different_origins).
> More in the link.
> >
> > > > If you're in control of the server, you have a couple of options:
> >
> > > > 1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin
> > > > restriction, but it can only use the GET method, not POST.
> >
> > > > 2. If you can rely on using a modern browser, you can use the new
> > > > CORS[3] standard. You can see a list of browsers and their support
> (or
> > > > lack thereof) for CORS here[4]. Unfortunately, CORS is only supported
> > > > by IE in IE8 and above, and that support requires extra work (whereas
> > > > every other browser vendor who supported it did so in a backward-
> > > > compatible way). Specifically, instead of using XMLHttpRequest (which
> > > > is what Ajax.Request uses), you have to use a completely new
> > > > XDomainRequest object instead. But again, only on IE. Note that using
> > > > CORS requires that you add support for it to the server, because you
> > > > have to handle a request from the browser asking if it's okay to send
> > > > the cross-origin request.
> >
> > > > HTH,
> > > > --
> > > > T.J. Crowder
> > > > Independent Software Engineer
> > > > tj / crowder software / com
> > > > www / crowder software / com
> >
> > > > [1]http://en.wikipedia.org/wiki/Same_origin_policy
> > > > [2]http://en.wikipedia.org/wiki/JSONP#JSONP
> > > > [3]http://www.w3.org/TR/access-control/
> > > > [4]http://caniuse.com/#search=cors
> >
> > > > On Jun 12, 9:00 am, Rick Avner  wrote:
> >
> > > > > Hi,
> >
> > > > > I have a HTML Application (HTA) using Ajax.Request to get
> information
> > > > > from one of my LAMP based server.  The requests were working fine
> > > > > using HTTP. However, the requests are failing (responseText is
> blank)
> > > > > when I use HTTPS.  Server SSL is enabled using self signed
> > > > > certificates.
> >
> > > > > Is there any way to ignore certificate warnings while using
> > > > > Ajax.Request?
> >
> > > > > I know I should use CA certified certificates on my server. However
> > > > > just wondering if there is any way for Ajax.Request to work with
> self
> > > > > signed certificates.
> >

[Proto-Scripty] Re: Ajax.Request not working with HTTPS and self signed certificates

[T.J. Crowder]

Hi,

> As I said in my post, the Ajax.Request call are in a HTML Application
> (HTA). Which is not a server page. It run on client machine using
> mshta.exe and request data from server using ajax.

Ah, sorry. Probably not safe to assume everyone knows what you mean by
"HTA". I've seen any number of acronyms people have created ad hoc to
make their web apps sound cool, I have to assume I put your use of
"HTA" in that category, not being familiar with that specific
Microsoft-centric technology.

> And I don't think the issue is due to "Same Origin Policy", as the
> requests are working fine when server SSL is enabled using  trusted
> certificate.

In that case, it's a question for Microsoft. Prototype isn't involved
in the certificate chain process at all. It just does the request and
reads the response via XMLHttpRequest. The certificate stuff is
handled by the user agent (e.g., mshta.exe).
--
T.J. Crowder
Independent Software Engineer
tj / crowder software / com
www / crowder software / com

On Jun 12, 7:17 pm, Rick Avner  wrote:
> Hi Crowder,
>
> Thanks for the information.
>
> As I said in my post, the Ajax.Request call are in a HTML Application
> (HTA). Which is not a server page. It run on client machine using
> mshta.exe and request data from server using ajax.
>
> And I don't think the issue is due to "Same Origin Policy", as the
> requests are working fine when server SSL is enabled using  trusted
> certificate.
>
> The response is blank when server SSL is enabled using  self signed
> certificate. Any idea?
>
> And yes, I should try with latest version of prototype.js.
>
> Thanks
>
> On Jun 12, 3:05 pm, "T.J. Crowder"  wrote:
>
>
>
>
>
>
>
> > Addendum:
>
> > > I am using prototype.js version 1.5.
>
> > Why? It's been out of date for more than three and a half years
> > (assuming you're talking about v1.5.1.2, which was superceded by
> > v1.6.0 in November 2007). That's a _long_ time in the browser-based
> > world.
>
> > -- T.J.
>
> > On Jun 12, 10:36 am, "T.J. Crowder"  wrote:
>
> > > Hi,
>
> > > I don't think it has anything to do with the certificate being self-
> > > signed, just that it's https.
>
> > > Are you trying to use https in an ajax call when the page has been
> > > loaded via http? If so, you're running into the Same Origin Policy[1],
> > > which forbids doing that. Ajax requests, by default, can only go to
> > > the same origin as the document in which the script is running, and
> > > the concept of an origin includes the protocol 
> > > (http://example.comandhttps://example.comare_different_origins). More in 
> > > the link.
>
> > > If you're in control of the server, you have a couple of options:
>
> > > 1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin
> > > restriction, but it can only use the GET method, not POST.
>
> > > 2. If you can rely on using a modern browser, you can use the new
> > > CORS[3] standard. You can see a list of browsers and their support (or
> > > lack thereof) for CORS here[4]. Unfortunately, CORS is only supported
> > > by IE in IE8 and above, and that support requires extra work (whereas
> > > every other browser vendor who supported it did so in a backward-
> > > compatible way). Specifically, instead of using XMLHttpRequest (which
> > > is what Ajax.Request uses), you have to use a completely new
> > > XDomainRequest object instead. But again, only on IE. Note that using
> > > CORS requires that you add support for it to the server, because you
> > > have to handle a request from the browser asking if it's okay to send
> > > the cross-origin request.
>
> > > HTH,
> > > --
> > > T.J. Crowder
> > > Independent Software Engineer
> > > tj / crowder software / com
> > > www / crowder software / com
>
> > > [1]http://en.wikipedia.org/wiki/Same_origin_policy
> > > [2]http://en.wikipedia.org/wiki/JSONP#JSONP
> > > [3]http://www.w3.org/TR/access-control/
> > > [4]http://caniuse.com/#search=cors
>
> > > On Jun 12, 9:00 am, Rick Avner  wrote:
>
> > > > Hi,
>
> > > > I have a HTML Application (HTA) using Ajax.Request to get information
> > > > from one of my LAMP based server.  The requests were working fine
> > > > using HTTP. However, the requests are failing (responseText is blank)
> > > > when I use HTTPS.  Server SSL is enabled using self signed
> > > > certificates.
>
> > > > Is there any way to ignore certificate warnings while using
> > > > Ajax.Request?
>
> > > > I know I should use CA certified certificates on my server. However
> > > > just wondering if there is any way for Ajax.Request to work with self
> > > > signed certificates.
>
> > > > I am using prototype.js version 1.5.
>
> > > > Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
ht

[Proto-Scripty] Re: Ajax.Request not working with HTTPS and self signed certificates

[Rick Avner]

Hi Crowder,

Thanks for the information.

As I said in my post, the Ajax.Request call are in a HTML Application
(HTA). Which is not a server page. It run on client machine using
mshta.exe and request data from server using ajax.

And I don't think the issue is due to "Same Origin Policy", as the
requests are working fine when server SSL is enabled using  trusted
certificate.

The response is blank when server SSL is enabled using  self signed
certificate. Any idea?

And yes, I should try with latest version of prototype.js.

Thanks

On Jun 12, 3:05 pm, "T.J. Crowder"  wrote:
> Addendum:
>
> > I am using prototype.js version 1.5.
>
> Why? It's been out of date for more than three and a half years
> (assuming you're talking about v1.5.1.2, which was superceded by
> v1.6.0 in November 2007). That's a _long_ time in the browser-based
> world.
>
> -- T.J.
>
> On Jun 12, 10:36 am, "T.J. Crowder"  wrote:
>
>
>
> > Hi,
>
> > I don't think it has anything to do with the certificate being self-
> > signed, just that it's https.
>
> > Are you trying to use https in an ajax call when the page has been
> > loaded via http? If so, you're running into the Same Origin Policy[1],
> > which forbids doing that. Ajax requests, by default, can only go to
> > the same origin as the document in which the script is running, and
> > the concept of an origin includes the protocol 
> > (http://example.comandhttps://example.comare_different_ origins). More in 
> > the link.
>
> > If you're in control of the server, you have a couple of options:
>
> > 1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin
> > restriction, but it can only use the GET method, not POST.
>
> > 2. If you can rely on using a modern browser, you can use the new
> > CORS[3] standard. You can see a list of browsers and their support (or
> > lack thereof) for CORS here[4]. Unfortunately, CORS is only supported
> > by IE in IE8 and above, and that support requires extra work (whereas
> > every other browser vendor who supported it did so in a backward-
> > compatible way). Specifically, instead of using XMLHttpRequest (which
> > is what Ajax.Request uses), you have to use a completely new
> > XDomainRequest object instead. But again, only on IE. Note that using
> > CORS requires that you add support for it to the server, because you
> > have to handle a request from the browser asking if it's okay to send
> > the cross-origin request.
>
> > HTH,
> > --
> > T.J. Crowder
> > Independent Software Engineer
> > tj / crowder software / com
> > www / crowder software / com
>
> > [1]http://en.wikipedia.org/wiki/Same_origin_policy
> > [2]http://en.wikipedia.org/wiki/JSONP#JSONP
> > [3]http://www.w3.org/TR/access-control/
> > [4]http://caniuse.com/#search=cors
>
> > On Jun 12, 9:00 am, Rick Avner  wrote:
>
> > > Hi,
>
> > > I have a HTML Application (HTA) using Ajax.Request to get information
> > > from one of my LAMP based server.  The requests were working fine
> > > using HTTP. However, the requests are failing (responseText is blank)
> > > when I use HTTPS.  Server SSL is enabled using self signed
> > > certificates.
>
> > > Is there any way to ignore certificate warnings while using
> > > Ajax.Request?
>
> > > I know I should use CA certified certificates on my server. However
> > > just wondering if there is any way for Ajax.Request to work with self
> > > signed certificates.
>
> > > I am using prototype.js version 1.5.
>
> > > Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request not working with HTTPS and self signed certificates

[T.J. Crowder]

Addendum:

> I am using prototype.js version 1.5.

Why? It's been out of date for more than three and a half years
(assuming you're talking about v1.5.1.2, which was superceded by
v1.6.0 in November 2007). That's a _long_ time in the browser-based
world.

-- T.J.

On Jun 12, 10:36 am, "T.J. Crowder"  wrote:
> Hi,
>
> I don't think it has anything to do with the certificate being self-
> signed, just that it's https.
>
> Are you trying to use https in an ajax call when the page has been
> loaded via http? If so, you're running into the Same Origin Policy[1],
> which forbids doing that. Ajax requests, by default, can only go to
> the same origin as the document in which the script is running, and
> the concept of an origin includes the protocol 
> (http://example.comandhttps://example.comare _different_ origins). More in 
> the link.
>
> If you're in control of the server, you have a couple of options:
>
> 1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin
> restriction, but it can only use the GET method, not POST.
>
> 2. If you can rely on using a modern browser, you can use the new
> CORS[3] standard. You can see a list of browsers and their support (or
> lack thereof) for CORS here[4]. Unfortunately, CORS is only supported
> by IE in IE8 and above, and that support requires extra work (whereas
> every other browser vendor who supported it did so in a backward-
> compatible way). Specifically, instead of using XMLHttpRequest (which
> is what Ajax.Request uses), you have to use a completely new
> XDomainRequest object instead. But again, only on IE. Note that using
> CORS requires that you add support for it to the server, because you
> have to handle a request from the browser asking if it's okay to send
> the cross-origin request.
>
> HTH,
> --
> T.J. Crowder
> Independent Software Engineer
> tj / crowder software / com
> www / crowder software / com
>
> [1]http://en.wikipedia.org/wiki/Same_origin_policy
> [2]http://en.wikipedia.org/wiki/JSONP#JSONP
> [3]http://www.w3.org/TR/access-control/
> [4]http://caniuse.com/#search=cors
>
> On Jun 12, 9:00 am, Rick Avner  wrote:
>
>
>
>
>
>
>
> > Hi,
>
> > I have a HTML Application (HTA) using Ajax.Request to get information
> > from one of my LAMP based server.  The requests were working fine
> > using HTTP. However, the requests are failing (responseText is blank)
> > when I use HTTPS.  Server SSL is enabled using self signed
> > certificates.
>
> > Is there any way to ignore certificate warnings while using
> > Ajax.Request?
>
> > I know I should use CA certified certificates on my server. However
> > just wondering if there is any way for Ajax.Request to work with self
> > signed certificates.
>
> > I am using prototype.js version 1.5.
>
> > Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request not working with HTTPS and self signed certificates

[T.J. Crowder]

Hi,

I don't think it has anything to do with the certificate being self-
signed, just that it's https.

Are you trying to use https in an ajax call when the page has been
loaded via http? If so, you're running into the Same Origin Policy[1],
which forbids doing that. Ajax requests, by default, can only go to
the same origin as the document in which the script is running, and
the concept of an origin includes the protocol (http://example.com and
https://example.com are _different_ origins). More in the link.

If you're in control of the server, you have a couple of options:

1. Use JSON-P[2] instead of Ajax. JSON-P doesn't have an origin
restriction, but it can only use the GET method, not POST.

2. If you can rely on using a modern browser, you can use the new
CORS[3] standard. You can see a list of browsers and their support (or
lack thereof) for CORS here[4]. Unfortunately, CORS is only supported
by IE in IE8 and above, and that support requires extra work (whereas
every other browser vendor who supported it did so in a backward-
compatible way). Specifically, instead of using XMLHttpRequest (which
is what Ajax.Request uses), you have to use a completely new
XDomainRequest object instead. But again, only on IE. Note that using
CORS requires that you add support for it to the server, because you
have to handle a request from the browser asking if it's okay to send
the cross-origin request.

HTH,
--
T.J. Crowder
Independent Software Engineer
tj / crowder software / com
www / crowder software / com

[1] http://en.wikipedia.org/wiki/Same_origin_policy
[2] http://en.wikipedia.org/wiki/JSONP#JSONP
[3] http://www.w3.org/TR/access-control/
[4] http://caniuse.com/#search=cors

On Jun 12, 9:00 am, Rick Avner  wrote:
> Hi,
>
> I have a HTML Application (HTA) using Ajax.Request to get information
> from one of my LAMP based server.  The requests were working fine
> using HTTP. However, the requests are failing (responseText is blank)
> when I use HTTPS.  Server SSL is enabled using self signed
> certificates.
>
> Is there any way to ignore certificate warnings while using
> Ajax.Request?
>
> I know I should use CA certified certificates on my server. However
> just wondering if there is any way for Ajax.Request to work with self
> signed certificates.
>
> I am using prototype.js version 1.5.
>
> Thanks in advance.

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request with an incorrect Header

[RudyWI]

I have done some research.
You are right : It's not a problem with Prototype.
Firefox sent a "preflighted" OPTION request according to CORS
specification because I have added an custom header field.

Do you know how to send my GET request with my custom header field ? I
need to configure HTTP server, or browser, or other... ?

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request with an incorrect Header

[T.J. Crowder]

Hi,

What you've quoted here:

> Access-Control-Request-Headers=remote_user,x-prototype-version,x-

...isn't a request header. It looks like a response header from a
server that accepts CORS[1] requests and (for its own reasons) decided
to make your request headers all lowercase.

I just tried your code with Prototype 1.7 (http://jsbin.com/ikere3),
and the actual *request* header sent (according to Chrome, and
separately according to Firebug), was indeed REMOTE_USER with the
value I gave ("foo", in my case).

[1] http://www.w3.org/TR/access-control/

HTH,
--
T.J. Crowder
Independent Software Engineer
tj / crowder software / com
www / crowder software / com


On Feb 23, 3:22 pm, RudyWI  wrote:
> Hi,
>
> I'am trying to use Ajax.Request to send a GET request with specific
> values in header part.
> I use the following code :
>
> function sendMyRequest(url, user) {
>         var myAjax = new Ajax.Request(url, {
>                 method: 'get',
>                 requestHeaders: { REMOTE_USER:user },
>                 onSuccess: function() { alert("OK"); },
>                 onFailure: function() { alert("KO"); }
>         });
>
> }
>
> After I invoked this function, the request header sent is :
>
> Host=*
> ...
> Access-Control-Request-Method=GET
> Access-Control-Request-Headers=remote_user,x-prototype-version,x-
> requested-with
>
> So I don't have a valid field for "REMOTE_USER", as defined in my
> function.
> I want a request Header similar to :
>
> Host=*
> ...
> REMOTE_USER=
>
> How to do it ?
>
> Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Prototype & script.aculo.us" group.
To post to this group, send email to prototype-scriptaculous@googlegroups.com.
To unsubscribe from this group, send email to 
prototype-scriptaculous+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/prototype-scriptaculous?hl=en.

[Proto-Scripty] Re: Ajax.Request bug using IE 7 and Prototype 1.7

[T.J. Crowder]

Hi,

> Sorry, you're right. the code posted is incorrect. the right one is:

I haven't bothered to try it, but I'm not seeing anything in that code
that would pose a problem.

Unless you can put together a minimal, self-contained example, I don't
think anyone is going to be able to help you. I don't think the fact
it's JSP has anything to do with it (unless, of course, the JSP isn't
outputting the HTML you expect -- but that's nothing to do with
Prototype).

> Any other suggestion?

Just to create a self-contained example and post it somewhere.

Good luck,
--
T.J. Crowder
Independent Software Engineer
tj / crowder software / com
www / crowder software / com

On Dec 2, 2:24 pm, "A.B."  wrote:
> Sorry, you're right. the code posted is incorrect. the right one is:
>
> function otherFunc(o){
> [.]
>
> };
>
> function ajaxCall(url, callbackResponse_1, p) {
>         try{
>                 new Ajax.Request(url, {
>                   method: 'get',
>                   asynchronous: true,
>                   onSuccess: function(transport) {
>                     otherFunc(p);
>                     callbackResponse_1();
>                   }
>                 });
>         } catch (exception) {
>         alert(exception.inspect());
>         }
>
> }
>
> ..anyway onSucces never got reached because Ajax.request simply die
> after onCreate().To be more precise I had a JSP page including three
>  tag:
>