Mike-Ward.Net
Home Desk Drive Tweetz Simply Weather VSColorOutput FreeSnap Calendar Gadgets Downloads About
February 1, 2011  |  

Force jQuery 1.5 to always allow cross-site scripting

jQuery 1.5 has just been released and there’s lots of new goodness. Perhaps the most significant change is the new pluggable Ajax module. However, when I added jQuery 1.5 to my tweetz sidebar gadget, it no longer worked. Stranger still was the Ajax error message: “No Transport”. What did that mean?

Puzzled, I did a bit of code spelunking and found that jQuery tests to see if cross-site scripting is allowed. Gadgets use the IE engine which blocks cross-site scripting under normal browser conditions. Gadgets however allow cross-site scripting and likely tweak something in the IE engine to enable it to do so.

The jQuery Ajax method does have a parameter (crossDomain: true) that enables cross-site scripting. Unfortunately, adding this switch had no affect. jQuery doesn’t directly support Windows 7 gadgets, which is perhaps why this switch didn’t work. 

So back to the code. A bit more spelunking and I found where the test for cross-site scripting was made. Cross-site scripting is controlled (in part) by the jQuery.support.cors variable. Adding the following to my gadget fixed the issue.

jQuery.support.cors = true; // force cross-site scripting (as of jQuery 1.5)

The “No Transport” error appears to be a catch-all message meaning, “I couldn’t find a method to send your request”. A bit obtuse of an error message perhaps. Good thing there was source to examine.

comments powered by Disqus

previous | next