↑
Main Page

Enhanced privileges

Contacting a different server using JavaScript is expressly prohibited in Mozilla for security reasons.

This is certainly troublesome given that the very nature of Web services requires contacting different

servers. There is the capability, however, to have the user approve a script and allow it cross-domain

access. By default, Mozilla installations don’t allow this type of advanced privilege (once again, for secu-

rity reasons). You can, however, override this setting in the

all.js

configuration file (which is located in

Program Files\Mozilla\defaults\pref on

Windows-based machines).

Open up

all.js

in any text editor and find the following line:

pref(“signed.applets.codebase_principal_support”, false);

Change this line to:

pref(“signed.applets.codebase_principal_support”, true);

After setting this preference, you must close all running Mozilla instances and restart the browser. This

is only the first step. The second step is to request the Universal Browser Read privilege, which allows

cross-domain communication. Here’s how:

try {

netscape.security.PrivilegeManager.enablePrivilege(“UniversalBrowserRead”);

} catch (e) {

alert(“Script not signed.”);

}

When the second line is executed, the user is presented with a dialog box explaining that the script

would like enhanced privileges. The user can then click Yes to allow the privileges, or No to deny them

(Figure 17-1).

Figure 17-1

If the user clicks Yes, the code continues on; if the user clicks No, an error occurs and, in the previous

example, the alert indicates to the script that the privilege has been denied.

517

Web Services

20_579088 ch17.qxd 3/28/05 11:42 AM Page 517