Beware the effect of the base href= on AJAX requests, and IE. Permission denied to call XMLHttpRequest open method

The base href effect on XMLHttpRequest.open (in IE)

Imagine that. If your base href is set to something weird, the AJAX requests will fail with access errors reading “Permission denied to call method yourXMLHttpRequestObject.open”. But only in IE.

In IE, with AJAX requests, your URL root must match your base href. The base href="http://www.mydomain.com" should be the same as the base URL in xmlHttp.open("GET", "http://www.mydomain.com/MyRemoteServices/MyRemoteOrderService.cfc?method=getOrderInfoXML&userid=1234", true), or you can use relative URLs.

Example I had:


//The XMLHttpRequest is named xmlHttp here
var xmlHttp = new XMLHttpRequest();
//If the base href is set to something other than the server root, the AJAX request
//thinks the request is coming from a different server, or something.
//Permission denied to call XMLHttp.open with the following
//SET IN HTML HEAD <base href="http://www.mydomain.com/index.cfm?event=myOrder" /> - NOT HTTPS!
xmlHttp.open("GET", "https://mydomain.com/MyRemoteServices/MyRemoteOrderService.cfc?method=getOrderInfoXML&userid=1234", true);

//Now when the base href is set to the server root, no problems
//SET IN HTML HEAD <base href="https://www.mydomain.com/"> - HTTPS!
xmlHttp.open("GET", "https://mydomain.com/MyRemoteServices/MyRemoteOrderService.cfc?method=getOrderInfoXML&userid=1234", true);

Issues when www isn’t mapped to your home url

Another cause of access denied errors with your AJAX request is when your www doesn’t resolve to the same URL as your root, i.e. http://www.yourdomain.com isn’t the same DNS entry as http://yourdomain.com, even if they both eventually go to the same server IP.

Error: Happens when your session is in http://www.yourdomain.com and your AJAX request points to http://yourdomain.com (if your www subdomain doesn’t resolve to http://yourdomain.com).


//I'm on a http://www.mydomain.com page, and I get an error with this line
xmlHttp.open("GET", "http://mydomain.com/MyRemoteServices/MyRemoteOrderService.cfc?method=getOrderInfoXML&userid=1234", true);
// I'm on a http://mydomain.com page, this line will work
xmlHttp.open("GET", "http://mydomain.com/MyRemoteServices/MyRemoteOrderService.cfc?method=getOrderInfoXML&userid=1234", true);
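
The mismatches described above are differences in scheme or host between the page, the base href and the request URL. The check below is an added example, not code from the original post: `originOf` and `checkXhrTarget` are hypothetical helper names, and the cases are constructed from the URLs used above. It resolves a request URL the way a browser does and compares origins (scheme, host, port) before you call `open`.

```javascript
// Added example. originOf/checkXhrTarget are hypothetical helper names.
// An origin is scheme + host + port; URL.origin normalises default ports.
function originOf(url) {
  return new URL(url).origin;
}

// Resolve requestUrl the way a browser does: relative URLs resolve against
// <base href> when present, otherwise against the page URL. Then compare the
// resulting origin with both the page and the base.
function checkXhrTarget(pageUrl, baseHref, requestUrl) {
  const base = baseHref || pageUrl;
  const resolved = new URL(requestUrl, base).href;
  const target = originOf(resolved);
  return {
    resolved,
    matchesPage: target === originOf(pageUrl),
    matchesBase: target === originOf(base),
  };
}

// Constructed cases reusing the URLs from the post.
const SERVICE = "MyRemoteServices/MyRemoteOrderService.cfc?method=getOrderInfoXML&userid=1234";
const CASES = {
  schemeMismatch: checkXhrTarget(
    "http://www.mydomain.com/index.cfm?event=myOrder",
    "http://www.mydomain.com/index.cfm?event=myOrder",
    "https://mydomain.com/" + SERVICE),
  wwwMismatch: checkXhrTarget("http://www.mydomain.com/", null, "http://mydomain.com/" + SERVICE),
  sameHost: checkXhrTarget("http://mydomain.com/", null, "http://mydomain.com/" + SERVICE),
  relativeWithBase: checkXhrTarget(
    "https://www.mydomain.com/index.cfm?event=myOrder",
    "https://www.mydomain.com/",
    SERVICE),
};

for (const [name, result] of Object.entries(CASES)) {
  console.log(name, result.matchesPage, result.matchesBase, result.resolved);
}
```

A relative URL always takes the origin of the base href, so it only stays same-origin with the page when the base href itself points at the page's scheme and host.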
