+ Start a Discussion
LogmiLogmi 

Problems with FireFox

I have a question about the security settings in IE and FireFox.  I created the custom s-control below.  xmlhttp request works fine in IE if I enable "Access data sources across domains", but I doesn't work in Firefox.  I would prefer not touching any of the security settings in either browser to make this work.  Can anyone give me a suggestion?
 
CUSTOM S-CONTROL
<html>
<head>
<meta http-equiv=“refresh” content=“600″ />
<script type="text/javascript" src="/soap/ajax/10.0/connection.js"></script>
<script type="text/javascript">
var message;
var xmlhttp;
var pin;
if (window.XMLHttpRequest) {
  xmlhttp = new XMLHttpRequest();
//  netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
}else if (window.ActiveXObject) {
  xmlhttp = new ActiveXObject("Microsoft.XMLHTTP") ;
}
try
{
if (xmlhttp)
{
// Get new PIN
xmlhttp.open('GET', 'https://secure.help.com/API/requestPINCode.aspx?lang=en&redir=0&NewWindow=0&cfield0={!Case.Account}&cfield1={!API.Session_ID}&cfield2={!Case.OwnerEmail}&cfield3={!Case.Id}&cfield4={!Case.AssetId}&cfield5={!API.Enterprise_Server_URL_100}tracking0={!Case.Id}', false);
xmlhttp.send();
if (xmlhttp.responseText.search("OK\n\n") == 0)
{
pin = xmlhttp.responseText.substring(12);
message = '<a href="mailto:{!Contact.Email}?subject=Direct Connect Links&body=Please click the link below to request a live support session%0A%0Ahttps://secure.help.com/R%3Fi=2%26Code='+pin+'%0A%0ABest Regards,%0ASupport Teams"><br>Send email</a>';
message = pin + message;
//myWindow=window.open('','','width=450,height=180,titlebar=no,menubar=no,resizable=no,titlebar=no,status=no')
document.write("<h4><p style='color:blue;'>PIN Code: " + message +"</p></h4>")
//myWindow.document.write(message) 
document.write("This PIN code will remain valid for the next 20 minutes.<br><br>")
document.write('<div align=right><INPUT type="button" value="Close" name="button1" onClick=self.close();return true"></div>')
}
else
{
document.write("You are not logged on. Please" + '\n' + "launch the application before requesting a PIN by clicking the" + '\n' + "'Launch' button.")
}
}
else
{
document.write("Rescue API: Unable to generate PIN code.")
}
}
catch (e) {
document.write("Your browser's security settings is preventing this application from calling a web service.  Please check your settings and try again -  " + e);
}
</script>
</head>
<body bgcolor="#EEEEEE">
<font size="2" face="Garamond">
<div id="div_tag"></div></font>
</body>
</html>
SuperfellSuperfell
Use the Ajax proxy to make your remote request, that way you don't have any cross-domain requests from the browser.
LogmiLogmi
Thanks Simon.  So I moved my web request from javascript to a custom scontrol.  I no longer have a problem crossing domains.  My new problem is the authentication for the web request now doesn't work for subsequent requests.  To use the web service I need, first I must execute a login before any other request.  The login request is successful, but when I try a subsequent request, the response says I'm not logged on.  I'm not exactly sure why, my knowledge of security tokens stuff is non-existent.
 
Here is my s-control I'm playing with:
 
<html>
<head>
<meta http-equiv=“refresh” content=“600″ />
<script type="text/javascript" src="/soap/ajax/10.0/connection.js"></script>
<script type="text/javascript">
function login() {
var message;
var envelope =
'<?xml version="1.0" encoding="utf-8"?>' +
'<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">' +
'<soap12:Body>' +
'<login xmlns="https://secure.logmeinrescue.com/API/API.asmx">' +
'<sEmail></sEmail>' +
'<sPassword></sPassword>'+
'</login>' +
'</soap12:Body>' +
'</soap12:Envelope>';
sforce.connection.remoteFunction({
url : "https://secure.logmeinrescue.com/API/API.asmx",
requestHeaders: {
"Content-Type": "text/xml",
"SOAPAction": "https://secure.logmeinrescue.com/API/API.asmx/login"
},
mimeType: "text/xml",
requestData: envelope,
method: "POST",
onSuccess : function(response) { document.getElementById("result").value = response.textContent;},
onFailure : function(response) { document.getElementById("result").value = response.textContent;}
});
}
 
function getpin() {
var message;
var pin;
var envelope =
'<?xml version="1.0" encoding="utf-8"?>' +
'<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">' +
'<soap12:Body>' +
'<requestPINCode xmlns="https://secure.logmeinrescue.com/API/API.asmx">' +
'<sCField0></sCField0>' +
'<sCField1></sCField1>' +
'<sCField2></sCField2>' +
'<sCField3></sCField3>' +
'<sCField4></sCField4>' +
'<sCField5></sCField5>' +
'<sTracking0></sTracking0>' +
'</requestPINCode>' +
'</soap12:Body>' +
'</soap12:Envelope>';
sforce.connection.remoteFunction({
url : "https://secure.logmeinrescue.com/API/API.asmx",
requestHeaders: {
"Content-Type": "text/xml",
"SOAPAction": "https://secure.logmeinrescue.com/API/API.asmx/requestPINCode"
},
mimeType: "text/xml",
requestData: envelope,
method: "POST",
onSuccess : function(response) { document.getElementById("result").value = response.textContent;},
onFailure : function(response) { document.getElementById("result").value = response.textContent;}
});
}
</script>
</head>
<body bgcolor="#EEEEEE">
<font size="2" face="Garamond"></font>
<input type="text" id="result" name="result" />
<input type=button value="Login" onClick ="javascript&colon;login();">
<input type=button value="PIN" onClick ="javascript&colon;getpin();">
</body>
</html>


Message Edited by Logmi on 02-09-2008 05:09 PM

Message Edited by Logmi on 02-09-2008 05:10 PM
mba75mba75
I I try to connect a webservice to my salesforces apps With an S-control

The following line return the alert box :Undefined


sforce.connection.remoteFunction({
url : "http://abr.business.gov.au/abrxmlsearch/ABRXMLSearch.asmx/ABRSearchByABN?includeHistoricalDetails=N&authenticationGuid=AAAA-xxxxxxxxxxxxxxx&searchString=9999999999",
onSuccess : function(response) {
alert("success" );
}
});

If paste this url into a ie browser I get my XML doc .

Do I need to configure the remote site in Salesforce ?

SuperfellSuperfell
Yes, there's a list of authorized remote sites, you need to add your new one to that list.
Ron HessRon Hess
after login, your web service may be returning an authorization token or session id, it depends on the service you are using.

normally , you will capture that token and use it again in each subsequent interaction with the service.

as an example, this is how auth is done for Google GData and Amazon S3.

this is probably covered by your webservice interface documentation, which should specify how the service is intended to be called after the login (auth method)