How to carry out Cross Domain request in a Webbrowser Control?

Question

As you know doing Cross Domain XMLHTTP requests is not allowed for security reasons under Internet Explorer.

I have a WebBrowser Control and I\'m using DocumentTex

Answer 1

URLACTION-CROSS-DOMAIN-DATA seems to be the right direction: Read this to find out why

Answer 2

I found a dirty workaround, load a local HTML (c:\temp\temp.html) and then modify the content of it via javascript.

After this point there is no more CrossDomain restrictions however using document.write causing other nasty problems such as JQuery .ready functions won't work.

Answer 3

Check this, it worked for me like a charm. http://support.microsoft.com/default.aspx?scid=kb;en-us;246227

Answer 4

I don't understand on which domain you don't have access to the Javascript... Have you tried using the script tag to get the data that you want from a different domain? You can use the JSONP idiom to namespace the data...

var head = document.getElementsByTagName("head")[0];
var script = document.createElement("script");
script.src = "anotherdomain.com/data?callback=myFunction";
head.appendChild(script);

And then on "/data":

myFunction({
    // data here
});

Answer 5

The only way to do this is to make sure your code runs in the trusted zone (or higer like HTA). By default, anything running inside the WebBrowser control runs in the zone that the files which are being served come from. (i.e. the standard IE security policies are being used.)

To change this behaviour, you'll need to change the application which is hosting the WebBrowser control and implement a few interfaces on that WebBrowser control. (IInternetHostSecurityManager, IInternetZoneManager and IInternetSecurityMgrSite are the ones that you should take a look at.) This is not a trivial task and the documentation about this is scarce at best.

Once this is done, your code can run with any privileges you need, and cross-domain requests are just as easy as resetting Mime-Sweeper high scores.

Hope this helps.