Permission denied error when invoking cross domain AJAX using XDomainRequest

Question

I have created a php page that makes use of Google Javascript APIs. I am trying to use Ajax to populate the info windows of the markers dynamically, but get a permission denied error on the xdr.open line. I have checked the other posts relating to similar errors, and tried different changes, but still the same error.

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript" src="http://maps.googleapis.com/maps/api/js?sensor=false"></script>

<meta name="viewport" content="initial-scale=1.0, user-scalable=no" />
<style type="text/css">
html { height: 100% }
body { height: 100%; margin: 0; padding: 0 }
#map_canvas { height: 100% }
</style>

<script type=text/javascript>
var marker;
var map;
var xdr;

function loader()
{
        alert("XDR onload");
        alert("Got: " + xdr.responseText);
}

function Info(pmarker)
{
    google.maps.event.addListener(pmarker, 'mouseover', function()
    {
     if (window.XDomainRequest)
     {
        xdr = new XDomainRequest();
        if(xdr)
        {
            document.write('1');

            xdr.open("GET", "http://localhost/GMap/GroovyCaller.php?Node=Host1");
            xdr.send();
            document.write('2');
            xdr.onload = loader;
        }

        else
        {
            document.write('3');
            alert('Failed to create');
        }
     }
     else
     {
          document.write('4');
          alert('XDR does not exist');
     }
});
}
function createMarker() {

    var myLatlng = new google.maps.LatLng(-34.397, 150.644);
    var marker = new google.maps.Marker({
        position: myLatlng,
        map: map,
        title:"Hello World!"
        });
        Info(marker);
}
function initialize()
{
    var latlng = new google.maps.LatLng(-34.397, 150.644);
    var myOptions =
    {
        zoom: 8,
        center: latlng,
        mapTypeId: google.maps.MapTypeId.ROADMAP
    };
    map = new google.maps.Map(document.getElementById("map_canvas"),
    myOptions);


    createMarker();

}


</script>
</head>
<body onload="initialize()">
<div id="map_canvas" style="width:100%; height:100%"></div>
</body>
</html>

Answer 1

Is GroovyCaller.php returning the http header Access-Control-Allow-Origin? From http://msdn.microsoft.com/en-us/library/cc288060(v=vs.85).aspx:

Cross-domain requests require mutual consent between the document and the server. [...] It will only complete the connection if the server responds with an Access-Control-Allow-Origin header of either * or the exact URL of the requesting document.

Your server must know about your client to accept a cross domain connection. You can start with Access-Control-Allow-Origin: * to get it working, and then narrow it down.

Answer 2

I had a similar issue to this where I had client-side code running on a local domain (e.g. www.domain.local) that was trying to contact a server at localhost. Even when I added Access-Control-Allow-Origin: * to the servers response headers I was still getting Access Denied.

Turns out XDomainRequest does not like trying to access localhost from another domain. See point 6 of http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx.

My solution was create another fake domain pointing to localhost using my hosts file and then pointing XDR at that new domain instead.