Clever Geek Handbook

Does Ajax call work in Chrome, Firefox but not IE?

The following code works fine in Chrome, Firefox and Komodo Dragon. I even had a clean install of firefox (proving that I am not authenticated by FB or whatever). This doesn't work in IE. Chrome, FF and dragon all result in an alert with a valid access_token. IE results in "Access Denied". I've tried GET and POST, both have the same results.

    function getWallPosts() {
        $.ajax({
            url: 'https://graph.facebook.com/oauth/access_token?client_id=<facebookid>&client_secret=<secretcode>&grant_type=client_credentials',
            type: 'POST',
            success: function (data) {
                alert(data)
            },
            error: function (a, b, c) {
                alert(a + ' ' + b + ' ' + c);
            }
        });
    };

EDIT: More information *

I tried using XDomainRequest as recommended in the comments, however I still only get Access Denied in IE. I believe it is for this very reason:

http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx

Requests must target the same scheme as the hosting page

This restriction means that if your AJAX page is on http://example.com , then your target URL must also start with HTTP. Likewise, if your AJAX page is at https://example.com , the target URL must also start with HTTPS.

We specifically aimed to prevent XDomainRequests HTTPS pages from being used for HTTP resources, as this scenario is a Mixed Content Security Threat that many developers and most users do not understand.

However, this limitation is too large because it prevents HTTP pages from issuing XDomainRequests that are intended for HTTPS pages. While its true that the HTTP page itself could have been compromised, there is no reason why it should be prohibited from fetching government resources securely.

Worst of all, the Same Scheme restriction means that web developers testing their pages locally using file: // the schema will find that all XDomainRequests are blocked because file: // does not match either http: // or https: // which are the only valid target designs (point # 1). To work around this problem, web developers need pages on a local web server (such as IIS, Visual Studio hosting server, etc.).

To work around this limitation, you can create a PostMessage-Proxy for XDR.

The hosting package provided does not include any SSL options. Does anyone have any other ideas?

+3


source to share


1 answer


The answer was that the ajax call was called on the backend service and then that service called the OAuth call. In my case, I was using the asp.net ASMX service. It could also be PHP or whatever. It works now.



+1


source






More articles:


All Articles