Ajax Uncaught Exception Error

When building an Ajax based website, one can encounter uncaught exception error while using Mozilla/Firefox.

Error: uncaught exception: Permission denied to call method XMLHttpRequest.open

Even though everything appear to be fine except for this error, it could be that the Ajax based website will be working well from IE but when loaded in Mozilla/Firefox, the error comes back.

The cause of this problem is not actually in coding but on the built-in security measure of Mozilla/Firefox for Ajax based websites. This type of browser has been optimized to prevent users from being hacked using cross scripting attacks. This happens when functions or data are invoked from a remote area from the local source. This is usually the case for developers who are still in the process of building Ajax with their local host instead of integrating them with the online source. Cross scripting attacks works exactly this way: users who visits the website are directed to a remote area wherein that website access the user’s information without permission.

Of course the basic solution for this problem is to transfer the data to the local host so that it will have the same source and the browser will not invoke the security measure. You can also do it the other way – running the actual application from the same remote location. However this will not be possible if you wanted to have multiple sources especially when you want to extract information from a websites that you do not own.

The other solution is to create a webserver within the Ajax based application. This webserver will invoke the data from 3rd party websites. Developers are free to use any web development language so that they could easily extract the information from a remote source. By using a webserver, the local host is not used and it would look like that it is just two interacting functions in Mozilla/Firefox.

On the other hand, if you really wanted to disable this security measure in this web browser, you need to create a request in the browser to overlook this feature. This request is built on the page where you wanted to load the information. In gist, this coding is built so that the data will be streamed to the website through an RSS feed. The coding will invoke the function called UniversalBrowserRead. The only requirement for this function to run is that the data you are looking for could be streamed using an RSS feed.

This security measure is very important for this type of browser. Cross site scripting is the biggest security threat for Ajax based application. Since Mozilla/Firefox is an open source browser, anyone could build something out of this browser. With this feature, you can prevent others from accessing your site and use it to gain personal information from your users.