Beware the affect of the base href= on AJAX requests, and IE. Permission denied to call XMLHttpRequest open method

The base href effect on (in IE)

Imagine that. If your base href is set to something weird, the ajax requests will get Access errors indicating “Permission Denied to call method” Errors! But only in IE.

In IE, with AJAX requests, your url root must match your base href. base ref=” should be the same as the base url in“GET”, “
method=getOrderInfoXML&userid=1234”, true), or you can use relative urls.

Example I had:

//The XMLHttpRequest is named xmlHttp here, xmlHttp = new XMLHttpRequest()
//If the base href is set to something other than the server root, the AJAX request
//thinks the request is coming from a different server, or something.
//Permission denied to call with the following
//SET IN HTML HEAD <base href="" /> - NOT HTTPS!"GET", "
method=getOrderInfoXML&userid=1234" , true);

//Now when the base href is set to the server root, no problems
//SET IN HTML HEAD <base href=""> - HTTP!"GET", "
method=getOrderInfoXML&userid=1234" , true);

Issues when www isn’t mapped to your home url

Another issue that can happen with access denied errors with your AJAX request is when your www doesn’t resolve to the same url as your root. I.E. isn’t the same dns entry as, even if they both eventually go to the same server ip.

Error: Happens when your session is in and your AJAX request points to (if your www subdomain doesn’t resolve to

//I'm on a http::// page, and I get an error with this line"GET", "
method=getOrderInfoXML&userid=1234" , true);
// I'm on a http::// page, this line will work"GET", "
method=getOrderInfoXML&userid=1234" , true);

Leave a Reply

Your email address will not be published. Required fields are marked *