Sorry, you do not have permission to access the secured page due to a JavaScript error

When I use JavaScript code (XMLHttpRequest) to call SecuredPage.aspx from page SomePage.aspx, the following code is utilized:

    var httpRequest = GetXmlHttp();
    var url = "https://myhost.com/SecuredPage.aspx";

    var params = "param1=" + document.getElementById('param1').value +
                "&param2=" + document.getElementById('param2').value;

    httpRequest.open("POST", url, true);
    httpRequest.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");

    httpRequest.onreadystatechange = function() {
        //Call a function when the state changes.
        if (httpRequest.readyState == 4 && httpRequest.status == 200) {
            alert(httpRequest.responseText);
        }
    }
    httpRequest.send(params); // HERE ACCESS IS DENIED.

    //---------------------------------------------
    function GetXmlHttp() {
        var xmlhttp = false;
        if (window.XMLHttpRequest) {
            xmlhttp = new XMLHttpRequest();
        }
        else if (window.ActiveXObject)
        // Code for Internet Explorer.
        {
            try {
                xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
            }
            catch (e) {
                try {
                    xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
                } catch (E) {
                    xmlhttp = false;
                }
            }
        }
        return xmlhttp;
    }

An error stating Access is denied occurs. The code works fine if sent to http (http://myhost.com/SecuredPage.aspx).

How can this problem be resolved?

javascriptajaxhttpsxmlhttprequest

Answer №1

When attempting to retrieve an HTTPS page via Ajax, it is important to note that you must do so from an HTTPS page on the same domain due to the restrictions of the same origin policy.

However, there are alternative methods available if you choose not to use Ajax. For example, utilizing frames can be a viable option for cross-domain communication.

Another approach is to utilize JSONP, which requires fetching JSON data specifically.

A less common but still interesting option is to use YQL as a proxy, although this may not always be suitable for production websites.

Alternatively, setting up your own serverside proxy can allow you to fetch the HTTPS page and relay it, but this is generally not recommended unless absolutely necessary.

Answer №2

The reason for this is that the browser recognizes http and https as distinct sites or domains, thus requiring compliance with the same origin policy.

Since most "Ajax" requests are restricted by browser security measures, they must adhere to the same origin policy; meaning that data cannot be retrieved successfully from a separate domain, subdomain, or protocol.

An effective solution to this issue is utilizing jsonp.

Answer №3

One solution to your dilemma is addressing the issue of your browser interpreting this as a cross domain request. To resolve this problem, you can create a crossdomain.xml file with the following content:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="myhost.com" />
  <allow-access-from domain="ourhost.com" />
  <site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>

While I am not an expert in this particular technique, I have utilized it successfully in the past. Additional domains can be included by inserting more allow-access-from tags. Some adjustments may be necessary depending on your specific situation. Your mileage may vary.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Troubleshooting Karate - jbang.execute() (Node npm)

Need help with a question that's part of our project presentation. We are working on controlling the output of KARATE, ensuring it returns an OK or a KO depending on the test result. Currently, it always gives back 0 regardless of success or failure. ...

javascriptnpmkarate

Why Does React Material-UI Switch Styling Keep Changing Sporadically?

Currently, I am trying to integrate a switch component from MUI into my code. Strangely enough, upon the initial page load, the switch appears exactly as it should - identical to the one displayed on the MUI site. However, upon reloading the page, it under ...

javascriptreactjsmaterial-ui

What could be causing the issue with Virtual Populate not functioning on Node.js and Mongoose? Here's the scenario: User provides

When a user gives a review on a specific product ID, it is stored in the review model database instead of the product model database. Virtual populate is used in the product model to display the user review in JSON format without saving it in the database. ...

javascriptnode.jsmongodbmongodb-querymongoose-populate

What is the best way to isolate a single element within a for loop and exclude all others?

I have implemented a dynamic Ajax call to compare the string entered in the text field (representing a city name) with the "type" value in a JSON array. As I iterate through the elements of the array, I am checking the values associated with the key "type ...

javascriptjsonfor-loopcycle

Guide to creating a nested table with JavaScript

Currently, I am utilizing JavaScript to dynamically generate a table. To better explain my inquiry, here is an example of the HTML: <table id='mainTable'> <tr> <td> Row 1 Cell 1 </td> ...

javascripthtmldynamichtml-table

Angular 6 and Bootstrap 4: The Ultimate Checkbox Management System for Selecting or Deselecting All Options

I am facing a problem while trying to implement Bootstrap 4 Checkboxes with a select all and deselect all feature in Angular 6+. The code provided here works fine for the original checkboxes, but the issue arises when using Bootstrap as they have different ...

javascripthtmlbootstrap-4angular6

Unique element is bound with jQuery's ajaxStart function

Below is the JS code I am working with: <script type="text/javascript"> $(document).ready(function () { $("#innerDiv1").ajaxStart(function () { alert($(this).attr("id") + " ajaxStart"); }); $("#innerDiv2").aj ...

jqueryajax

Sort an array in descending order based on the key using JavaScript in Google Chrome

Having an issue with sorting an array in descending order by the key. It works perfectly in Firefox, but Chrome is displaying it in the original order. [["0", 0], ["1", 0.9], ["2", 597.5344192965547], ["3", 991.0326954186761], ["4", 1257.2580315846578], [ ...

javascriptarraysgoogle-chromesorting

Is there a way to verify if the $compile process has finished?

I am currently developing a function that can dynamically create an email template from an HTML template and some provided data. To accomplish this, I am utilizing Angular's $compile function. However, I have encountered a challenge that I seem unabl ...

javascriptangularjstypescriptasynchronous

Are there any other options similar to PhantomJs that offer support for CSS 3D effects?

I am working on capturing a webpage using NodeJs. My current setup involves using PhantomJs to capture screenshots of the page and ffmpeg to convert them into videos. However, I have encountered an issue where the page contains 3D transform CSS, which is n ...

javascripthtmlnode.jsphantomjsrecord

express includes a 500 error due to the .html extension for the view engine

I have an express app where I've configured my views to use HTML, but behind the scenes, I'm actually utilizing the ejs engine in order to maintain the .html extension. Here is how it's currently set up: app.set('views', path.join ...

javascriptnode.jsexpressejs

Retrieving the return value from a function within a promise using spyOn in a Jasmine unit test for an

I'm currently in the process of testing a function that takes a value from a promise, concatenates this value (which is a string) to a URL. The actual implementation of the function seems to be working perfectly fine. var resp = {"payment": { " ...

javascriptangularjsunit-testingjasminekarma-runner

How to execute an Ajax Post request within the Django framework?

I tried setting up a basic ajax/jquery post within a django framework, but I'm struggling to figure out why the output isn't appearing on a template page. Can anyone help? When I check the content of the post in firebug's 'response&apo ...

jqueryajaxdjango

Detect when a child li element is clicked and then toggle the class of its parent div

I have a div container that contains an unordered list tab menu. By clicking on each tab, the menu content changes correspondingly. The functionality is working well, but I want to alter the background image of the container div based on which li is clicke ...

javascriptjqueryhtmlcssjquery-ui-tabs

Tips for fading an image as you scroll using CSS and JavaScript?

I have been dedicating my day to mastering the art of website development. However, I am facing a challenge that is proving to be quite difficult. I am looking to create a smooth transition effect where an image gradually blurs while scrolling down, and re ...

javascripthtmljquerycss

Saving data from a web form into a database using AJAX, JSON, and PHP

I have been attempting to save form data in a database, but for some reason my code doesn't seem to be reflecting anything. Below is the code I am using: add.php <form name='reg' > <fieldset> <legend>Student Informati ...

javascriptphpjqueryjsonajax

Ajax redirection with Symfony

The login page utilizes ajax, with the controller responding in the web browser view as {"response":true,"data":{"from":"apachecms_api_login_submit","to":"/dashboard"}} without redirecting. When successful, the function triggers an ajax call. functio ...

ajaxsymfonyhttp-redirectroutes

The jQuery AJAX call is successful in Firefox, but unfortunately, it is not working in Internet Explorer

I've encountered a perplexing issue with an AJAX call. It's functioning perfectly fine in Firefox, but for some reason, it's not working in IE. Curiously, when I include an alert() specifically for IE, I can see the returned content, but the ...

javascriptjqueryhtmlajaxinternet-explorer

RequireJS has an unbreakable reliance on the library

For my Angular + Require project, I encountered an issue while trying to package the application with r.js using: node r.js -o app.build.config.js Despite everything working fine, the library files were not found on the specified path. Instead, the depen ...

javascriptangularjsrequirejs

Designing versatile buttons with HTML

When accessing the website on a phone, I have trouble seeing and tapping on these two buttons because they are too far apart. I would like to change it so that once a file is selected, the 'choose file' button will be replaced by the upload butto ...

javascripthtmlcssbutton