5 Replies Latest reply on Feb 16, 2012 5:33 AM by Garrick van Schalkwyk

    Ajax and Webservices - Cross Site Scripting

      Hi All,

       

      We have been banging our heads on this one and would really appreciate some help.

       

      We are hosting a remote Web Application that we are pointing to via the Rhoelement Config file.

       

      This Web App then calls a SOAP webservice via Ajax. The Webservice (Hosted in Jboss) is located on the same machine as the web page invoking it. We constantly are served up with a Status Code of 0.

       

      We have been thinking that this could potentially be a Cross Site Scripting issue, but this would be surprising due to the fact that the domains are the same. We tried the example where we accessed the getTime.php, and set the Access-Control-Allow-Origin: * flag. However, this worked regardless of whether this was set, further enforcing our view that it cannot be a Cross Site Scripting issue, but it has left us not knowing what to try next.

       

      We have been able to successfully access the web service when executing the html page via Firefox, however we also get the Status Code of 0 on Chrome.

       

      A last question regarding Access-Control-Allow-Origin: *, if we wanted to enable this for a JBOSS server, how would you go about doing this?

       

      Garrick

        • Re: Ajax and Webservices - Cross Site Scripting

          I had trouble getting Ajax requests to work when using jQuery.  The program would work in a browser, but fail in elements - even after adding the correct Access-Control-Allow-Origin header and making sure I was returning the correct Content-Type header.

           

          When I switched to creating XMLHttpRequest directly without using jQuery it worked fine on either platform.

            • Re: Ajax and Webservices - Cross Site Scripting

              Would you be able to share the code you use to create the XMLHttpRequest and how you invoke the service?

              On Feb 13, 2012 6:49 AM, "Ord Millar" <

                • Re: Ajax and Webservices - Cross Site Scripting

                  Here is code I was using to test this - it does an HTTP POST to a test script, and then shows the response in an alert box.

                   

                  function testAsync() {
                      // Build a multipart form body with a single test field.
                      var formData = new FormData();
                      formData.append("myField", "myValue");

                      var url = "http://www.odmtech.com/myTestPage.php";
                      var httpreq = new XMLHttpRequest();
                      httpreq.open("POST", url, true); // true = asynchronous
                      httpreq.onreadystatechange = function () {
                          var done = 4, ok = 200;
                          // Show the body only once the request has completed with HTTP 200.
                          if (httpreq.readyState === done && httpreq.status === ok) {
                              alert(httpreq.responseText);
                          }
                      };
                      httpreq.send(formData);
                  }
                  
                  
              • Re: Ajax and Webservices - Cross Site Scripting
                Bernard Castelein

                Is your web application served on the same port as the soap service? Even a difference in port number is considered as a different origin.

                • Ajax and Webservices - Cross Site Scripting

                  Hi Ord and Bernard,

                   

                  Thank you for your responses. The issue was due to the ports being different. We were serving the html pages up via port 80 while our webservices are hosted in a jboss container running on port 8080. We had thought about placing a php page in between but eventually decided to deploy the html page inside of the tomcat webserver hosted within jboss (so 8080 is a common port now). This did solve our problem.

                   

                  Thanks again!
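
The origin comparison that resolved this thread (page on port 80, web service on port 8080 of the same machine), written out as an added example that is not code from any of the posters. The host name `app.example.test` and the service path are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: not code from the thread. Host names are constructed placeholders.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Break a URL into the three parts that make up a web origin.
function originParts(url) {
  const u = new URL(url);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    // URL.port is "" when the scheme's default port is used, so fill it in.
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// List which origin components differ between the page and the service.
function originDifferences(pageUrl, serviceUrl) {
  const page = originParts(pageUrl);
  const svc = originParts(serviceUrl);
  return ["scheme", "host", "port"].filter((k) => page[k] !== svc[k]);
}

// Interpret an XHR outcome in light of the two origins involved.
function diagnose(pageUrl, serviceUrl, status) {
  const diffs = originDifferences(pageUrl, serviceUrl);
  if (diffs.length === 0) {
    return { crossOrigin: false, diffs, advice: "same origin: no CORS header needed" };
  }
  const pageOrigin = new URL(pageUrl).origin;
  const advice = status === 0
    ? `cross-origin (${diffs.join(", ")} differ) and status 0: response likely blocked; ` +
      `serve both from one origin or return Access-Control-Allow-Origin: ${pageOrigin}`
    : `cross-origin (${diffs.join(", ")} differ) but readable, so the server allowed it`;
  return { crossOrigin: true, diffs, advice };
}

// Constructed sample: page on port 80, SOAP service on 8080, same machine.
const before = diagnose("http://app.example.test/index.html",
                        "http://app.example.test:8080/ws/Service", 0);
// After moving the page into the container on 8080.
const after = diagnose("http://app.example.test:8080/index.html",
                       "http://app.example.test:8080/ws/Service", 200);
console.log(before.advice);
console.log(after.advice);
```

Naming the page's own origin in the header, rather than `*`, keeps the service readable only from the application that is meant to call it.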