Home > Uncategorized > Cross domain Scripting comes to haunt again

Cross domain Scripting comes to haunt again

In my last posts I had talked about Cross domain scripting issue with Firefox and how to solve cross domain scripting issues on tomcat

But looks like the issue has not been completely resolved. I have used the CORS filter solution as we are working on tomcat but have some problems in exception scenarios

Problem Statement:

I am trying to make a call to a REST service and trying to catch an 404 or 200 condition returned by REST and show an appropriate message to user based on error code.

My url in browser is http://localhost:8080/myapp/test.html

The code inside is

<html>
<head>
<script type=”text/javascript” charset=”utf-8″ src=”json2.js”></script>
<script type=”text/javascript” charset=”utf-8″ src=”jquery-1.4.4.min.js”></script>
<script>

function invokeFunction()
{

var myService = null;
if (window.XMLHttpRequest) //for mozilla
{
myService = new XMLHttpRequest();

if ( typeof myService.overrideMimeType != ‘undefined’)
myService.overrideMimeType(‘application/json’);
}
else if (window.ActiveXObject) //for IE
{
myService = new ActiveXObject(“Microsoft.XMLHTTP”);
}

var serviceUrl = “http://127.0.0.1:8080/myapp/webresources/user/1111“;

try{

myService.open(“GET”, serviceUrl , false);
myService.send();

if(myService.status == 404 || myService.status == 0)
{

alert(‘404 >>>>’ +myService.responseText);
}
else if(myService.status == 200)
{

alert(‘200 >>>>’ +myService.responseText);
}

}catch(err){

alert(” Error in REST service “+err.description+’  ‘+myService.status+’ ‘+myService.readyState);
}

}

Now when you look at code above

What happens in Firefox ?

My address in browser specifies localhost and I am making call to 127.0.0.1 and although post numbers are same, Firefox treats it as a cross domain. This would not have worked in FF but since I am using CORS filter, I am getting data if there is user with id 1111.

What happens in IE ?

This works perfectly fine in IE .

How to fix this ?

This will work if you just intend to capture the exception and not much concerned with exception message send by server. But if you have display different error messages to client based on error messages

For now we have wrapped the error messages also as response and return as 200.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.