cross-domain

Discussion in 'Javascript' started by ampo, Oct 18, 2008.

  1. ampo

    ampo Guest

    Hello.

    Can anyone help with a cross-domain problem?
    I have an HTML page from server1 that sends an XMLHttpRequest to server2.

    How can I do it?

    Thanks.
     
    ampo, Oct 18, 2008
    #1

  2. SAM

    SAM Guest

    On 10/18/08 11:32 PM, ampo wrote:
    > Hello.
    >
    > Can anyone help with cross-domain problem?
    > I have HTML page from server1 that send xmlHTTPRequest to server2.
    >
    > How can I do it?


    You send your XHR to the server of your domain.
    The PHP (or other language) on this server will call and get the info
    from the other server.

    --
    sm
     
    SAM, Oct 18, 2008
    #2

  3. ampo wrote:

    > Can anyone help with cross-domain problem?
    > I have HTML page from server1 that send xmlHTTPRequest to server2.
    > How can I do it?


    You might be interested in Ajax Cross Domain:

    http://www.ajax-cross-domain.com/

    --
    Bart
     
    Bart Van der Donck, Oct 19, 2008
    #3
  4. Bart Van der Donck wrote:
    > ampo wrote:
    >> Can anyone help with cross-domain problem?
    >> I have HTML page from server1 that send xmlHTTPRequest to server2.
    >> How can I do it?

    >
    > You might be interested in Ajax Cross Domain:
    >
    > http://www.ajax-cross-domain.com/


    CAVEAT: Each and every bit of information sent and retrieved using this
    method goes over a third-party server!

    While it is rather easy to set up server-side URL rewrite on one's own
    server, even without any knowledge of server-side scripting.


    PointedEars
    --
    realism: HTML 4.01 Strict
    evangelism: XHTML 1.0 Strict
    madness: XHTML 1.1 as application/xhtml+xml
    -- Bjoern Hoehrmann
     
    Thomas 'PointedEars' Lahn, Oct 20, 2008
    #4
  5. ampo wrote:
    > Can anyone help with cross-domain problem?
    > I have HTML page from server1 that send xmlHTTPRequest to server2.
    >
    > How can I do it?


    First of all, this could be a digital rights issue. Make sure that you have
    *written* authorization to use content of others in your Web site before you
    use it.

    Second, you can use either server-side URL rewrite, such as
    <http://httpd.apache.org/docs/2.0/misc/rewriteguide.html> or a server-side
    proxy script *on your server*.


    PointedEars
    --
    var bugRiddenCrashPronePieceOfJunk = (
    navigator.userAgent.indexOf('MSIE 5') != -1
    && navigator.userAgent.indexOf('Mac') != -1
    ) // Plone, register_function.js:16
     
    Thomas 'PointedEars' Lahn, Oct 20, 2008
    #5
  6. Thomas 'PointedEars' Lahn wrote:

    > Bart Van der Donck wrote:
    >
    >> ampo wrote:
    >>> Can anyone help with cross-domain problem?
    >>> I have HTML page from server1 that send xmlHTTPRequest to server2.
    >>> How can I do it?

    >
    >> You might be interested in Ajax Cross Domain:
    >>  http://www.ajax-cross-domain.com/

    >
    > CAVEAT: Each and every bit of information sent and retrieved using this
    > method goes over a third-party server!


    The default installation works with a web page that calls
    /cgi-bin/ACD.js on the same website (though the .js may also reside on
    another domain). ACD.js then does the request to the remote server. For
    example:
    http://www.ajax-cross-domain.com/#Synopsis
    http://www.ajax-cross-domain.com/runit/1.htm
    Two domains involved: the caller (ajax-cross-domain.com) and the
    remote site (google.com).

    Maybe the text "or as managed service on ajax-cross-domain.com" had
    created this confusion:
    http://www.ajax-cross-domain.com/#Flowchart

    The default installation is on the same website though:
    http://www.ajax-cross-domain.com/#Installation

    > While it is rather easy to set up server-side URL rewrite on one's own
    > server, even without any knowledge of server-side scripting.


    That would be a suitable alternative, yes.

    --
    Bart
     
    Bart Van der Donck, Oct 21, 2008
    #6
  7. Bart Van der Donck wrote:
    > Thomas 'PointedEars' Lahn wrote:
    >> Bart Van der Donck wrote:
    >>> ampo wrote:
    >>>> Can anyone help with cross-domain problem?
    >>>> I have HTML page from server1 that send xmlHTTPRequest to server2.
    >>>> How can I do it?
    >>> You might be interested in Ajax Cross Domain:
    >>> http://www.ajax-cross-domain.com/

    >> CAVEAT: Each and every bit of information sent and retrieved using this
    >> method goes over a third-party server!

    >
    > The default installation works with a web page that calls
    > /cgi-bin/ACD.js on the same website (though the .js may also reside on
    > another domain). ACD.js then does the request to the remote server. For
    > example:
    > http://www.ajax-cross-domain.com/#Synopsis
    > http://www.ajax-cross-domain.com/runit/1.htm
    > Two domains involved: the caller (ajax-cross-domain.com) and the
    > remote site (google.com).


    Nevertheless, those who have a domain of their own usually don't need your
    script (as they can put .htaccess and friends), and those who don't have a
    domain usually can't run your script on their server (who can't/won't afford
    a domain usually can't get CGI and friends because there are just not enough
    ads that would pay for it).

    So the latter group should be made aware that all their requests and
    responses can be spied^Wlogged on, either by you (no offense meant, but a
    statement of confidentiality is missing from your documentation), or a
    man-in-the-middle because the connection is only partially encrypted (from
    your server to the target host) at best.

    There is also the inherent insecurity of passing sensitive data in URIs to
    consider, since they end up in the local history and caches, proxy caches,
    and default Web server logs. Not to mention the limitation of data to be
    transmitted because browsers (and particularly that of the browser with
    still the greatest market share, like it or not); BTW, that limit is at 2083
    characters per URI in IE, not 2048.

    Given these facts, I have to question the overall usefulness of your
    script/service, even if your intentions may be good.


    PointedEars
    --
    realism: HTML 4.01 Strict
    evangelism: XHTML 1.0 Strict
    madness: XHTML 1.1 as application/xhtml+xml
    -- Bjoern Hoehrmann
     
    Thomas 'PointedEars' Lahn, Oct 23, 2008
    #7
  8. Thomas 'PointedEars' Lahn wrote:

    > Bart Van der Donck wrote:
    >> http://www.ajax-cross-domain.com/ [...]


    > Nevertheless, those who have a domain of their own usually don't need your
    > script (as they can put .htaccess and friends), and those who don't have a
    > domain usually can't run your script on their server (who can't/won't afford
    > a domain usually can't get CGI and friends because there are just not enough
    > ads that would pay for it).


    Access to a CGI-enabled directory is needed, yes, but not one's own
    domain. The script runs from/to any location that supports CGI written
    in Perl.

    > So the latter group should be made aware that all their requests and
    > responses can be spied^Wlogged on, either by you (no offense meant, but a
    > statement of confidentiality is missing from your documentation),


    I cannot view/spy/log the requests. The webserver where the script
    runs, can. None of the 4284 downloads of the past years runs on my
    machine (except the demo) so I cannot view or log anything.

    > or a man-in-the-middle because the connection is only partially encrypted
    > (from your server to the target host) at best.


    Ajax Cross Domain can run over HTTPS or HTTP. It doesn't make a
    difference. Also a combination is possible:
    - caller file over HTTP and ACD.js over HTTPS
    - caller file over HTTPS and ACD.js over HTTP (in this case, the
    browser might give a warning, because an HTTPS page requests an HTTP
    JavaScript file, so I would not recommend this setup)

    The requested remote file can use connections over http:, https:,
    ftp:, news:, gopher: and a few (theoretical) others. It uses Gisle
    Aas' LWP module:
    http://search.cpan.org/~gaas/libwww-perl/lib/LWP.pm#NETWORK_SUPPORT

    > There is also the inherent insecurity of passing sensitive data in URIs to
    > consider, since they end up in the local history and caches, proxy caches,
    > and default Web server logs.  


    Very true. The issue is described at the second paragraph of chapter
    'Security':
    http://www.ajax-cross-domain.com/#Security

    But I think the risk must not be exaggerated; it's indeed inherent to
    this kind of request, as you write. It's no different with Apache
    rewrite rules or proxies; they can all be eavesdropped on as well.

    IMHO the first paragraph about security ("Calling ACD.js is only
    allowed with certain query-strings") is more important.

    > Not to mention the limitation of data to be transmitted because browsers
    > (and particularly that of the browser with still the greatest market
    > share, like it or not); BTW, that limit is at 2083 characters per URI in
    > IE, not 2048.


    Yes, 2048 is the path size, not the full URL. It has been corrected.

    > Given these facts, I have to question the overall usefulness of your
    > script/service, even if your intentions may be good.


    Google Analytics shows between 50-100 unique visitors per day, with
    10-15 daily downloads of the script. I think that remote requests from
    js reflect a real need from programmers.

    Thanks for the feedback.

    --
    Bart
     
    Bart Van der Donck, Oct 23, 2008
    #8
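
An added example, not part of the original thread and not code from Ajax Cross Domain: a same-origin proxy handler for Node.js along the lines of the "server-side proxy script on your server" suggested in #5, limited to fixed targets and parameters in the spirit of the query-string restriction mentioned in #8. The route name, the hosts (server1.example, api.server2.example) and the parameter list are constructed for illustration.

```javascript
// Constructed allowlist: local route key -> fixed upstream on server2.
// The browser never supplies a URL or host, only a route key and listed parameters.
const UPSTREAMS = {
  weather: { origin: 'https://api.server2.example', path: '/v1/weather', params: ['city'] },
};
const MAX_URL = 2083; // cap mirrors the per-URI limit for IE cited in the thread

// Map a same-origin request URL (/proxy/<key>?...) to an upstream URL.
// Returns null when the request must be refused.
function resolveUpstream(requestUrl) {
  let u;
  try {
    u = new URL(requestUrl, 'http://server1.example'); // base is used for parsing only
  } catch {
    return null;
  }
  const m = /^\/proxy\/([a-z]+)$/.exec(u.pathname);
  // hasOwnProperty keeps keys such as "constructor" from matching inherited properties
  if (!m || !Object.prototype.hasOwnProperty.call(UPSTREAMS, m[1])) return null;
  const route = UPSTREAMS[m[1]];
  const target = new URL(route.path, route.origin);
  for (const [key, value] of u.searchParams) {
    if (!route.params.includes(key)) return null; // unknown parameter: refuse
    target.searchParams.append(key, value);
  }
  return target.href.length <= MAX_URL ? target.href : null;
}

// Request handler for server1: the page's XHR goes to /proxy/<key> on its own origin.
async function handler(req, res) {
  const target = resolveUpstream(req.url);
  if (!target) {
    res.writeHead(403);
    return res.end('refused');
  }
  try {
    // redirect: 'error' stops the upstream from steering the proxy to another host
    const up = await fetch(target, { redirect: 'error' });
    res.writeHead(up.status, { 'Content-Type': up.headers.get('content-type') || 'text/plain' });
    res.end(Buffer.from(await up.arrayBuffer()));
  } catch {
    res.writeHead(502);
    res.end('upstream error');
  }
}
```

Pass `handler` to `http.createServer` on server1 (Node 18 or later for the global `fetch`); the page then requests `/proxy/weather?city=Paris` on its own origin.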