XMLHttpRequest to get HTTP response from remote host

Why the following code Based on Mozilla example does not work? Tried with Firefox 3.5.7 & Chrome.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"  "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
</head>
<body>
</body>
  <script>
    var req = new XMLHttpRequest();
    req.open('GET', 'http://www.mozilla.org/', false); 
    req.send();
    if(req.status == 200) {
        alert(req.responseText);
    }
  </script>  
</html>

Please that the browser is pulling the html from local disk (file:///C:/Users/Maxim%20Veksler/Desktop/XMLHTTP.html)

On Firefox it gives the following error:

uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIXMLHttpRequest.send]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: file:///C:/Users/Maxim%20Veksler/Desk开发者_开发问答top/XMLHTTP.html :: <TOP_LEVEL> :: line 10" data: no]

What am I doing wrong? I want to submit a request to remote host and alert the result (later to added into a div).

Your browser is preventing cross-site scripting. You have to use a relative path, otherwise most browsers will simply return an error or an empty responseText.

The following Stack Overflow post is probably also related to your problem:

• Empty responseText from XMLHttpRequest.

I'm also assuming that you've opened your HTML test page directly in the browser judging by your reference to file:///.... For XMLHttpRequest calls, you need to serve the HTML from a server. Try something like xampp (http://www.apachefriends.org/en/xampp.html) to get a local server up and running and then run your test from http://localhost/XMLHTTP.html.

Note, this does not solve your same-origin problem, but this would allow the following code to work:

  <script>
    var req = new XMLHttpRequest();
    req.open('GET', '/myTestResponse.html', false); 
    req.send();
    if(req.status == 200) {
        alert(req.responseText);
    }
  </script>

You cannot make requests across domains, even with local files.

https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript

Unless you are developing an extension, which does not have the same restrictions as a web page.

Security issue no?

Presumably firefox is preventing the local file from talking to a remote host?

Scouting round the net - found this. Try adding this to the start of your script:

try {
  netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
} catch (e) {
  alert("Permission UniversalBrowserRead denied.");
}

Can't guarantee this'll work; because ultimately what you're trying to do is enter a security hole that browsers have been specifically coded to have plugged up (cross-domain requests).

There are some special scenarios where it can be switched on, though, usually at the user's discretion.