This post discusses the "Access to restricted URI denied" error and provides several solutions to it. Firefox throws this error when an AJAX request does not comply with the browser's security policies.
The error occurs when an application makes an AJAX request that does not comply with the same-origin policy, or tries to access a local resource (a file on your hard drive with a path like file://c:/Users/etc.). To solve this problem, you need to change the URI of your files so that they appear to be on the same domain as the page your AJAX script is calling from.
Let's try to reproduce the error.
    $(document).ready(function(){
      // Try to load content from the hard drive
      $.get('file:///Users/path-to/seed-data.js', function(data){
        console.log(data);
      });

      // Try to load content from another domain
      $.ajax({
        url: "http://www.google.com/some-file.html",
      }).done(function(data) {
        console.log(data);
      });

      // Try to load content from the same domain, but different protocol
      // Assume we are on http://www.example.com page and trying to access
      // page on the same secure domain "https"
      $.get('https://www.example.com/seed-data.js', function(data){
        console.log(data);
      });
    });
The examples above will result in the following error in your JavaScript console.
Access to restricted URI denied" code: "1012
xhr.open(type, s.url, s.async);
Reasons
In the first example, the reason for the error is Firefox's security model, which does not allow a web page to retrieve or access local resources.
In the second example, Firefox enforces the "same origin" security policy, which does not allow accessing resources from other domains (NOTE: www.example.com and example.com are considered two different domains as well).
In the third example, we tried to access resources using a different protocol (https). Don't forget that HTTP and HTTPS are two different protocols.
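The three failing requests above, and the www and port cases, all come down to comparing scheme, host and port. The following is an added example, not code from the original post; the names `originParts` and `crossOriginReasons` are made up here, and Firefox's own rules for file-to-file access are not modelled. It reports which part of the origin differs:

```javascript
// Default ports per scheme: URL.port is "" when the default port is in use,
// so http://host and http://host:80 must normalise to the same value.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Extract the (scheme, host, port) triple that the same-origin policy compares.
function originParts(href) {
  const u = new URL(href);
  return {
    scheme: u.protocol,
    host: u.hostname.toLowerCase(),
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  };
}

// Return the list of origin components that differ between the page and the
// URL it requests. An empty list means the request is same-origin.
function crossOriginReasons(pageUrl, requestUrl) {
  const page = originParts(pageUrl);
  // Resolve relative request URLs against the page, as the browser does.
  const target = originParts(new URL(requestUrl, pageUrl).href);

  // file: URLs have no host or port to compare; report them separately.
  if (page.scheme === "file:" || target.scheme === "file:") return ["file"];

  const reasons = [];
  if (page.scheme !== target.scheme) reasons.push("scheme");
  if (page.host !== target.host) reasons.push("host");
  if (page.port !== target.port) reasons.push("port");
  return reasons;
}

// Constructed sample input: the page from the post and the URLs it requests.
const PAGE = "http://www.example.com/page.html";
const SAMPLES = [
  "file:///Users/path-to/seed-data.js",     // local file
  "http://www.google.com/some-file.html",   // another domain
  "https://www.example.com/seed-data.js",   // same host, different protocol
  "http://example.com/seed-data.js",        // www vs. no www
  "http://www.example.com:8000/seed-data.js", // same host, different port
  "/seed-data.js",                          // relative URL, same origin
];
for (const url of SAMPLES) {
  const reasons = crossOriginReasons(PAGE, url);
  console.log(url, "->", reasons.length ? reasons.join(", ") : "same origin");
}
```

Switching between http and https reports both "scheme" and "port", because the default port changes from 80 to 443 along with the protocol.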
Solutions
In order to solve the "Access to restricted URI denied" error, you need to identify which of the reasons above is causing your script to throw an error and fix it with one of the solutions below.
First problem: Deploy the files to a web server, or alternatively run one locally (e.g. XAMPP). Once deployed, access your page from your domain (http://www.your-domain.com/page.html or http://localhost:port/page.html).
To access resources from other domains you have to overcome the "same origin policy". This can be done by putting a simple proxy script on your own domain, so that it appears as if you are fetching resources from your own domain. You can find a description and an example proxy script in the “Cross domain AJAX scripting” post.
The solution to the last problem is usually easy. In most cases it is either adding or removing the "s" in "http". But for cases when you have to grab content from a URL using a different protocol, your only solution is to use the proxy script described in the second solution.
If this post does not cover your case, please leave a comment with reproducible code or a link to a fiddle page. If you found this post helpful, please share/like it.
Wow! Thanks for this! I'm quite new to web development and bug-fixing here is really something :D
well, that is bad. We have an installed Windows application that is started by clicking on a localhost link on a webpage. I thought I could query the starter from the webpage to see whether it is installed or not. If anybody has a solution for it. PLEASE SHARE! JSONP does not work either.
Karsten -
This is a function of the Mozilla dev team having extreme myopia around the fact that there are many of us who actually run pages (whole AJAX apps actually) from 'file://' URLs and expect to be able to access HTTP URLs from those apps. My users download their 'web app bundle' like an .EXE and expect the same level of functionality.
Not everyone wants to run an HTTP server locally and further burden their client machine with unnecessary processes.
In any case, go into your FF 3.0 config panel (type 'about:config') and set the following property to 'false' by double clicking on it:
security.fileuri.strict_origin_policy
That should allow you to continue to access local files that are 'outside' of the directory structure you loaded from via XHR. Don't know why JSON's not working - might be same issue.
If you need more assistance, contact me at bedney@technicalpursuit.com.
Cheers,
- Bill
Thank you guys very much for getting rid of my headache! :)
Cheers,
Pouya
I'm using localhost, but still getting the same error
> I'm using localhost, but still getting the same error
You should not use localhost, try uploading to your server or installing one locally
It also matters if you have the domain with and without www.
if you have callback to
http://mydomain.com/ajaxcall
from
http://www.mydomain.com/page.html
it will error.
you can also bypass this by using the FQDN of your local machine
So much for using AJAX to process external RSS feeds
William Edney
Many thanks for your post. It was really helpful. Interesting that the Mozilla folks would do something like this. Your post saved me a lot of time and frustration.
Thanks again
Guys, the trick with about:config worth a million dollars bottled! Thank you so much !
Oddly enough, I can set the 'security.fileuri.strict_origin_policy' bit to 'false' and I still am able to trap the 'Access to restricted URI denied' error in Firebug. :( (Everything works fine in I.E...that never happens!)
[SOLVED]
Make sure the URI you are calling from is the same as the URI you are calling to.
example:
http://www.somesite.com is not the same as http://somesite.com
Hello,
I have a XML-RPC server running on the following IP address : XXX.XXX.XXX.XXX:8000/functionName
When I call this server from a javascript XmlHttpRequest function, I get the following error on the line : request.open("POST", server, true);
Error : uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://XXX.XXX.XXX.XXX/xmlrpc.js Line: 34"]
I'm lost here ... does anyone have an idea ?
Thanks
@KG, can the port number be the reason?!
XXX.XXX.XXX.XXX:8000/functionName
and your script is on XXX.XXX.XXX.XXX/xmlrpc.js NO PORT NUMBER...
Can that be a reason ?!
Hi @Uzbekjon,
My webservice is running on XXX.XXX.XXX.XXX:8000/functionName and my HTML web page is running on the same server on port 80.
What can or can't be done calling web service from JavaScript ?
@KG I believe XXX.XXX.XXX.XXX:8000 and XXX.XXX.XXX.XXX:80 are different domains for FF3...
I modified the security.fileuri file to read false and restarted FF, but still getting the error.
An AJAX request cannot be done between different ports or domains. Example: if we have a request from http://www.domain.com:80 to http://www.domain.com:8080 or to http://domain.com (the domain must be exact to prevent inter-subdomain scripting)
Well, then Firefox is dead in the water until they undo their "security".
AJAX should have access to any website (period.)
If they're going to be that paranoid and ignorant, they might as well turn off Javascript also.
The move is to use websites as resources, like disk drives. This is required for advancement of society. So the question is when will Firefox get the stick out of its butt and stop inhibiting valid development.
Until then, I don't care about Firefox and will not recommend it. I'll tell website visitors to open with IE!!!!
For those still struggling: on local system, FF allows access only to files in the same directory (or its subdirectories). So your page in C:\Temp can access files in C:\Temp and its subfolders, but not in C:\Other
thanks for the fix - saved what is left of my hair
One more comment about the local file system. The error also appears if the file you want to load does not exist (just lost 10 minutes of my life because of that)
Thanks Ixa
thanks ya!