Quickduck

Recently at work we discovered that our SSL encrypted pages weren’t coming back fully encrypted. We narrowed down the partial SSL encryption problem to some default AJAX requests we were doing.

After searching the net I found that Microsofts XML Parser software must be version 3.0 with SP1 or later to support SSL.

I looked on my machine and noticed that I had MSXML 6.0 Parser.

So it was time to look at my javascript file that instantiated the ActiveXObject.

function getXmlHttp() {
  try {
        return new ActiveXObject("Msxml2.XMLHTTP");
  } catch(e) {
    try {
      return new ActiveXObject("Microsoft.XMLHTTP");
    } catch(E) {}
  }

  if (XMLHttpRequest != "undefined") {
    return new XMLHttpRequest();
  } else {
    return null;
  }
}

Now admitedly this bit of code was copied and pasted from somewhere so it was time to finally understand exactly what was going on.

Firstly, the code tries to instantiate a version specific instance of the XmlHttp object. I’m not entirely sure which version this is bringing back but it is definitely pre-3.0 SP1.

  return new ActiveXObject("Msxml2.XMLHTTP");

If that failed to bring back an instance it tries again with the following line: -

  return new ActiveXObject("Microsoft.XMLHTTP");

This is like an factory object that will bring back the most recent version installed on the clients computer.

So to fix this problem the code was changed to: –

Firstly, the code tries to instantiate a version specific instance of the XmlHttp object. I’m not entirely sure which version this is bring back but it is definitely pre-3.0 SP1.

  try {
        return new ActiveXObject("Msxml2.XMLHTTP.6.0");
  } catch(e) {
    try {
      return new ActiveXObject("Microsoft.XMLHTTP");
    } catch(E) {}
  }

  if (XMLHttpRequest != "undefined") {
    return new XMLHttpRequest();
  } else {
    return null;
  }
}

You might think it odd that I have hard-coded an version instance as our first try, but because we’re in an intranet environment we can ensure that all clients have version 6.0 of the XML parser installed. If they don’t we’ll try our best to get a version that is hopefully later than 3.0SP1 so that we can get SSL support.