Newbie: JS/AJAX permission'g question

[hemant.singh]

Hello all,
I am developing a solution(JS/Ajax+ruby) which will be hosted on say
domain x.com

now my client can be comg from any domain, all they need to do is

<!-- Magic script starts -->
<div id="mymagic">
<script src="http://x.com/javascripts/client.js" />
<script type='text/javascript'>
showThemReality();
</script>
</div>
<!-- Magic script ends -->

Now the client.js loaded from x.com is making a ajax connection to
x.com, is this a issue? If not than how to access x.com server scripts
from client.js? I am try'g and it is giving me permission denied
exception.

Any help/pointer will be greatly appreciated

TIA

 

[Martin Honnen]

now my client can be comg from any domain, all they need to do is

<!-- Magic script starts -->
<div id="mymagic">
<script src="http://x.com/javascripts/client.js" />
<script type='text/javascript'>
showThemReality();
</script>
</div>
<!-- Magic script ends -->

Now the client.js loaded from x.com is making a ajax connection to
x.com, is this a issue?

Same origin policy means the origin of the HTML (or by now XML or SVG)
document with the script element matters, if the document with the
script element has been loaded from e.g. http://example.com/ then
XMLHttpReuqest can make HTTP requests to that origin but not to other ones.
What you can however do is use a script element e.g.
<script type="text/javascript"

src="http://example.org/service.asp?method=methodname&amp;arg1=value1&amp;callback=yourcallback"></script>

define a function
function yourcallback (resultData) {
// process resultData here that
http://example.org/service.asp?method=methodname
delivers as an argument to yourcallback
}

That way there is no use of XMLHttpRequest with its restricted same
origin policy, rather a script is loaded from a different origin where a
server script generates the client script as needed, reading out the
query string to know which "server-side method" to call with which
arguments and then deliver the data by callling the callback function
you have defined.


If you wanted to use XMLHttpRequest in a document loaded from
http://example.com/ to make a request to http://example.org/ then you
can't unless server-side script on example.com works as a proxy so that
your XMLHttpRequest goes to example.com passing in the example.org URL
as data in the query string or request body where the server side script
on example.com then makes the request to example.org as needed and
passes the data back to the client e.g.
var httpRequest = new XMLHttpRequest();
httpRequest.open('GET',
'http://example.com/proxy.asp?url=http://example.org/service1.asp', true)

 

[hemant.singh]

Martin,
Thanks for your comments and detailed explaination.
So using server side javascripts i can avoid the first xmlhttprequest
call for sure, but my script build some GUI over user document, and if
user clicks on it, I need to send some information back to my server
stuck(it is same as .js is loaded, but different from where html
document is loaded), how should i achieve this?
I am thinkg either on user action I made browser load another JS and
pass user's input as parameter to that JS? or another alternative I can
see is that in image tag I pass the parameter to my server.


But im thinking these kindof technique's are widely adopted by
spyware's which is not true in my case, as user himslf is putting
<script> tag in his document and loading JS from my domain
Any comments/pointers will be greatly appreciated

Thanks once again

 

[Martin Honnen]

I need to send some information back to my server
stuck(it is same as .js is loaded, but different from where html
document is loaded), how should i achieve this?
I am thinkg either on user action I made browser load another JS and
pass user's input as parameter to that JS? or another alternative I can
see is that in image tag I pass the parameter to my server.

Nowadays most browsers support means to dynamically create and insert a
script element and that way dynamically load a script from any server.
Thus the scheme to use is the same as before, a script element
<script type="text/javascript"
src="http://example.org/service.asp..."></script>
only instead of having that script element statically inside of your
HTML document you use scripting to create and insert it
var script = document.createElement('script');
script.type = 'text/javascript';
script.src =
'http://example.com/service.asp?method=methodname&arg1=value1&callback=callbackname';
document.getElementsByTagName('head')[0].appendChild(script);
That way the script service.asp on the server reads out the query string
to get the data and if needed generates client-side script it sends back
that calls the callback function you provide.

 

[hemant.singh]

Thanks Martin,
It helps,
I am currently using something like following to load JS, I think i
need to use something same for sending callback data from script to my
x domain too.

<!-- Start of Magic script-->
<b>Magic GUI :</b>
<script type='text/javascript'>
var paramurl = 'UNIQUEID';
var url ='http://x.com/ws/getdojs/?url='+escape(paramurl);
var jsi = "<" + "script type='text/javascript'"
jsi += " src='" + url + "'></" + "script>";
//alert(jsi); // for testing.
document.write(jsi);
</script>
<!-- End of Magic script-->

 

[Lasse Reichstein Nielsen]

Now the client.js loaded from x.com is making a ajax connection to
x.com, is this a issue?

Most likely.

If not than how to access x.com server scripts from client.js?

"If so" I assume. Try adding a new script element to the page that
loads another script from x.com.

I am try'g and it is giving me permission denied exception.

"try'g"? Ah... "trying". The time I had to spend decoding that
abbreviation is not worth the quarter second it would take to
write one character more!

That is the expected problem. You can only use XMLHTTPRequest
against the same server that the HTML page came from.

/L