Category Archives: ie7 cross-domain security

Page is accessing information that is not under its control while accessing a webservice

When I created a html page which consumes a webservice which is on some other domain, I used to get the prompt box on ie7 which says “Page is accessing information that is not under its control. This poses a security risk. Do you want to continue” with yes/no buttons. When I click yes, it works fine but when I click no it said Permission denied. I wanted to suppress this error.
It’s far from a perfect system, but it’s simple. Since there is no way to specify which pages trust other pages to access their data, Internet Explorer simply says that if two pages are not in the same domain, they cannot communicate. More precisely, Zone Manager (found on the security tab in Internet Settings) does allow the user to say that a page may access another page, but as you point out, most people leave it set on prompt.
You can suppress it getting into Internet Options -> Security Tab select internet and click custom actions button, in the pop up enable “Access data sources across domains” which is in the miscellaneous section.
You can suggest users add the page to the trusted site zone, or merely say Yes to the dialog box. Cross-domain security issues can be quite serious. Whenever you access data sources that are in a different context than your script, there are potential problems. A solution here would be to create a safe ActiveX® control that will perform the tasks you need and lock it down to the intranet site or creating a webservice in your local domain and accessing the webservice from different domain from your webservice. You can use your webservice in your application.