Set oXMLHttp=Server.CreateObject("MSXML2.XMLHTTP")
On Error Resume Next
oXMLHttp.open "GET", "http://xxxxxx.com",False
oXMLHttp.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
oXMLHttp.send()
x = oXMLHttp.responseText
I'm getting this error: Access Denied
Where r u getting the error? On the server postback or on the web page? My guess is that this should not happen if you are doing this via server side. However if you are doing this via javascript within your html page then the same-origin policy might cause a problem
Browsers have a same domain policy. This means you cannot do xhr calls to other domains.
You will either have to use a server side proxy service on your domain to do the remote call for you or if the endpoint supports jsonp you can use a script tag to emulate an xhr call.
Related
Now this is puzzling me 2 days, I am using classic ASP to connect to XML on my server. I've had 2003 and 2008 and 2012 before, it worked.
This is my code:
Set objXmlHttp = Server.CreateObject("Msxml2.ServerXMLHTTP")
url="http://www.server.com/xyz.asp"
objXmlHttp.open "GET", url, False
objXmlHttp.Send
If I coonect to the http version of the file xyz.asp, I get error: The certificate authority is invalid or incorrect. ??? I don't even try to use https, I call the script on http page and connect to http page.
If I use https, that means if call my page on https (I have valid certificate) and try to connect with xmlhttp object everything stalls and I get timeout on .send.
Any ideas? This happens on Windows 2016. But it seems the problem is the xyz.asp (xml file), I can open it from the URL and XML code shows with no problem, but the serverXMLHTTP doesn't like it. If I connect to the file on the old server 2012, it works ok...
How can I even snoop on the problem?
what happens if you try a more recent version of ServerXmlHttp?
Set objXmlHttp = Server.CreateObject("MSXML2.serverXMLHTTP.6.0")
you may also want to look at:
Can't use HTTPS with ServerXMLHTTP object
VBA ServerXMLHTTP https request with self signed certificate
I have a cookie which is sent from the client which is used as part of my MVC web service, however now that I have integrated a hub into this application the hub doesnt get sent the cookie, whereas the mvc app does.
Now after reading other similar questions (not that there are many) the cookies domain seems to be to blame, or the path is not set.
Currently my system has 2 web apps, the ui and service. In my dev environment it is like so:
Service
http://localhost:23456/<some route>
UI
http://localhost:34567/<some route>
So in the above example, the ui will send a query to the service, getting an authorisation cookie on the response, which is used elsewhere.
In this example the cookie domain from the service is localhost, as from what I have read and seen on other questions there is no need for a port, it will automatically just allow all ports.
Are HTTP cookies port specific?
SignalR connection request does not send cookies
So it would appear to me that the cookie above has correct domain, and the path is set to /, so it should work. However it doesn't send them in the request from javascript.
My request is a CORS request so I am not sure if there are any quirks around that but all normal jquery ajax calls make it to the server fine with the cookies, any ideas?
OH also my cookies are httponly as well, not sure if this makes a difference...
== Edit ==
Have tried to rule out some stuff, have turned off httponly and it still refuses to send the cookies to the server, I have also noticed a few outstanding cookie issues which mention adding the following code in somewhere to make ajax behave a certain way:
$.ajax({
xhrFields: {withCredentials: true}
})
Tried using that and still no luck, so I am out of ideas.
I raised an issue as there is an underlying issue with < version 2 beta of SignalR relating to CORS and cookies.
https://github.com/SignalR/SignalR/issues/2318
However you can manually fix this issue by appending:
xhrFields: {withCredentials: true}
to all ajax requests within the jquery.signalr-*.js, this will then send cookies over CORS, although I do not know if this has any adverse effects on older browsers or IE.
Here is my scenario...
I'm working on a server that is http:// in Classic ASP
The company purchased a web service that verifies information, this web service is https://xxx.svc?etc
What can I do to call this service? I've tried AJAX with jQuery, I've tried XmlHTTPRequest and XDR, and I'm just about out of ideas. I'm running into the same error every time.."Access Denied" when I call "open" on my object. I've heard a few things about Same Domain policies and Cross Site Scripting, but it's 2012 now. Is there any way to accomplish this?
You are running into cross domain issues.
Setup a server side page that communicates with the webservice through the ServerXMLHttp object. Read more about this here.
You could then process the request server side or make use of JavaScript to make an AJAX request to your server side page. Since it will be on the same domain, you will not run into cross domain issues.
2 suggestions...
Have you looked at JSONP: http://en.wikipedia.org/wiki/JSONP
Or you could call the service on the server sideā¦
I'm debugging two ASP.NET applications running on the same machine under different instances of Cassini and with "custom errors" off. One app is running on port 100 and wants to perform a GET request from the other app running on port 90. So it runs this code:
WebRequest request = WebRequest.Create(
"http://localhost:90/Controller/Action?Param1=foo&Param2=bar");
request.Timeout = 10000;
request.GetResponse();
and the last line throws a WebException with HTTP 400 code and null InnerException. If I copy the very same URL in clipboard, past it into IE running on the same machine - the request is queued to the app on port 90 and its /Controller/Action/ is invoked and even parameters are passed okay.
What could be the problem origin here and how do I solve it?
I think you should try without the params in the url.
WebRequest request = WebRequest.Create("localhost:90/Controller/Action");
request.Timeout = 10000;
request.GetResponse();
if it does work you need to add some user-agent headers to allow the use of params.
Also you should probably look at WebClient.
MSDN
personally I would also look at using IISExpress or IIS to develop this kind of solution.
Just an outsider's observation here, consider making this call to the second webmethod via an ajax call from the browser and aggregate the results clientside using javascript (jQuery).
I would try and use the overload of WebRequest.Create that takes a URI object, that way you can rule out a fat-fingered URL.
Two hours debugging - and it turned out that service at port 90 would redirect the request back to the service at port 100 but wouldn't provide a required parameter in the URL, so the handler in the service at port 100 would throw an exception and return the HTTP 400 which was then reported by the GetResponse(). The solution was to change the logic so that there's no redirect for this specific request because the redirect would make no sense for this specific request.
And the jury finds both Cassini and ASP.NET to be not guilty.
I have a asp.net website which is supposed to upload files to a handler from a different application / domain. I'm using jQuery Form plugin. When trying to make an example on the same domain (uploading to the same domain) this setup works with success. When trying to upload file with from siteA to siteB I see in firebug that response from handler has been returned (in the Network tab) and is valid, however, the code never enters the 'success' handler, instead giving me such errors in the firebug console:
[jquery.form] Server abort: Error: Permission denied to access property 'document' (Error) log:
[jquery.form] cannot access response document: Error: Permission denied to access property 'document'
[jquery.form] aborting upload... aborted
In chrome it is:
Unsafe JavaScript attempt to access frame with URL http://domainB/handler.ashx from frame with URL domainA. Domains, protocols and ports must match.
Now, I am aware of the fact that there are some policies about ajax calls between domains, but it seems that jquery form plugin simply tries to access some url that is forbidden.
Does anyone have a workaround for it? Any solution please!:)
UPDATE:
I ended up hacking jquery.form so it doesn't throw cross-site exception and since I don't need actual result of upload - it works for me!
Check this and yes, this is a same-origin policy. There are ways to work this around using flash, iframes, jsonp etc but this will require editing a plugin.