[Greasemonkey] XMLHttpRequest and document.domain
saravanannkl at gmail.com
Sun Jul 24 15:09:57 EDT 2005
I think you have misunderstood my problem.
I am using *Greasemonkey 0.3.5 version* since last tuesday. Also I am not
using any GM_apis in my script now. Older versions of my script used
GM_xmlhttpRequest for fetching data. Now I am replacing GM_xmlhttpRequest
with XMLHttpRequest to make it compatible with Greasemonkey version 0.3.5.
I am in timesofindia.indiatimes.com
<http://timesofindia.indiatimes.com>website and my script makes a
timesofindia.indiatimes.com <http://timesofindia.indiatimes.com>. So it is
not cross domain request and therefore my script should work. But my script
script tags in the
found that value of
document.domain is changed to "indiatimes.com <http://indiatimes.com>". So I
changed my script to make a request to indiatimes.com<http://indiatimes.com>.
It worked. So I try to change document.domain value to "
timesofindia.indiatimes.com <http://timesofindia.indiatimes.com>". But
mozilla throws exception for this.
I beleive that the GM script and scripts that are already in the web page
able to change the the value of document.domain and why not my GM script.
On 7/24/05, chris feldmann <cfeldmann at gmail.com> wrote:
> First off, you should not be using any version of greasemonkey that
> exposes the GM_ api's. You might not have heard, but there's a little
> security problem:
> Second, XMLHttpRequest won't work across domains, a separate security
> consideration that holds for mozilla across the board. That, I suspect, is
> the source of your error on req.open(). As for changing the domain, I'm
> not sure but it looks like you're just trying to pull a workaround on that
> security restriction.
> On 7/24/05, Saravanan <saravanannkl at gmail.com> wrote:
> > Hi,
> > I am working on a Greasemonkey script that uses XMLHttpRequest. This
> > script acts on the url pattern "http://timesofindia.indiatimes.com/*".
> > When the GM script tries to connect to url
> > "http://timesofindia.indiatimes.com/" then mozilla throws an exception
> > "Permission denied to call method XMLHttpRequest.open". But the GM
> > script is able to connect sucessfully to the url
> > "http://indiatimes.com/".
> > After digging out I found that the document.domain value is changed
> > from "timesofindia.indiatimes.com <http://timesofindia.indiatimes.com>"
> > to "indiatimes.com <http://indiatimes.com>" in the page
> > working in my script. so I tried to change the value of
> > document.domain back to "timesofindia.indiatimes.com<http://timesofindia.indiatimes.com>"
> > in the script.
> > mozilla throws exception when the script tries to change the value of
> > document.domain.
> > Is my assumption correct or am I missing something. can somebody throw
> > some light on XMLHttpRequest security and how it is handled in mozilla
> > browsers.
> > I am attaching my GM script for reference
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Greasemonkey