Firefox 1.5, XmlHttpRequest, req.responseXML and document.domain

Recently I have been working on a web application, extending it with an iframe on another subdomain.

When you set up communication with an iframe on another subdomain, it works by setting document.domain in both pages. Pretty nice and straight forward.
But it can mess up the rest of your page.

As soon as you have set document.domain you should be able to do an XHR to your original domain according to the same domain policy.

This will work in IE, Safari, and Opera.
This will not work in Firefox 1.0. This is very awkward but at least it has been fixed in 1.5.
So it will work in Firefox 1.5. But:

The responseXML object is useless. You can’t access it, you receive a Permission Denied when trying to access it’s content (e.g. documentElement). Very annoying.
Even stranger that responseText is still readable. What’s the reason for this? Is there some security risk i am unaware of or is it a plain bug?

As the responseText is available there is a pretty simple fix: re-parse the XML, which is kinda stupid and cpu intense if you have a lot of them. (something like: var doc =
(new DOMParser()).parseFromString(req.responseText, "text/xml");

I have some sample code available here.

Apparently a bug report has been filed at No response from developers. Great.
Unfortunately it has only been filed for OSX, but it also afffects Windows Firefox.

Mozilla guys, fix this ASAP.

Update 2007-06-21: Things seem to start moving, we will likely have a fix for Firefox 3.

, , ,

3 thoughts on “Firefox 1.5, XmlHttpRequest, req.responseXML and document.domain

  1. The responseXML "bug" in Firefox isn't a bug. As stated in the MDC, Mozilla browsers will not make the responseXML available unless the server serves the MIME type text/xml.
    There are two ways to fix this. One is to alter the server's script to make it serve the Content-Type: text/xml header. The second way is to do something like this in your JavaScript code:
    if (window.XMLHttpRequest) {
    req = new XMLHttpRequest();
    if (req.overrideMimeType) req.overrideMimeType("text/xml");
    } else if (window.ActiveXObject) {
    req = new ActiveXObject("Microsoft.XMLHTTP");
    This will force Mozilla browsers to parse the responded XML in the XMLHttpRequest object, given that the XML is well-formed.

  2. This IS a Firefox bug. Though the repsonse content type is set to "text/xml" Firefox does not allow you to access responseXML if document.domain is set.

    I tried overrideMimeType("text/xml") too but that did not help.

    The only thing that works is to parse the xml again like kirk describes it.

Comments are closed.