« The Blogification of Heatherstone
Building Site Traffic That Matters »

Why WordPress stops post writing with Javascript “Access Denied” error

December 29, 2007 | Author: Overton | Filed under: Technology

Match the domain in your URL to what's configured in your WordPress address to avoid this nasty problem.

It’s a horrible problem if you have a WordPress-based website.  You go to your administration pages and try to write a post, but it won’t let you click in the editing panel.  There’s a nasty little Javascript error, so you get “Done, with errors”.  Clicking on it gets you an error something like this:

Line: 176
Char: 290
Error: Access is Denied
Code: 0
URL: http://www.example.com/wp-admin/post-new.php

Hunting around for a solution to this problem feels like an exercise in futility because lots of people have had this problem, posted it to message boards, but never received an error. Fortunately, “davidbibo” actually came up with an answer. The problem may be the “www.” at the beginning of your URL.

If you’ve configured the address options for the blog (on the General tab when you click Options) without the “www.” prefix, but you use it in your access URL, you get the error. These two must match!

Problem solved, thank you, David!

Update: I think I figured out why this happens in the first place.  The WordPress editor page is linking to Javascript files and using absolute addresses rather than relative addresses.  So, if you’ve configured your blog URL to be http://example.com, the page will be looking for Javascript files like http://example.com/wp-includes/js/fat.js.  If you’re accessing the page editor at a URL like http://www.example.com/wp-admin/post.php, then while the domains match, the subdomains are different.

A browser might consider a file being drawn from a different subdomain as a different site.  If so, then drawing across this Javascript file is treated as Cross-site Scripting and security settings that prevent that will block the Javascript execution and generate the Access Denied error.

Internet Explorer v7.0, the default browser I’m using at the moment, does block this and creates the error.  Firefox v1.5  doesn’t block this behavior.  Ironically, this probably is an example where people would see Firefox as being better, even though IE is only “broken” because it has the stronger security setting.

This entry was posted on Saturday, December 29th, 2007 and is filed under Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

xygoxen

3 people have left comments

Thank you for the article. I was at my wits end and this article saved me. KUDOS to “davidbibo” for figuring out the problem and you for posting it.

dena wrote on January 23, 2008 - 12:26 pm | Visit Link

Oh god I love you.

Sean Blanda wrote on February 12, 2008 - 12:05 am | Visit Link

i don’t know how it worked but it did! you are a god-send!

cheers,
lester

Lester Cavestany wrote on April 23, 2008 - 10:15 am | Visit Link

feel free to leave a comment

Comment Guidelines: Basic XHTML is allowed (a href, strong, em, code). All line breaks and paragraphs are automatically generated. Off-topic or inappropriate comments will be edited or deleted. Email addresses will never be published. Keep it PG-13 people!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

All fields marked with " * " are required.

Learning Knowledge Action

Bookmarks