Re: Newbie: JS/AJAX permission'g question
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.lang.javascript archive

Re: Newbie: JS/AJAX permission'g question

From: <hemant.singh@gmail.com>
Date: Mon Apr 17 2006 - 13:04:37 CEST



Martin,


Thanks for your comments and detailed explaination.


So using server side javascripts i can avoid the first xmlhttprequest


call for sure, but my script build some GUI over user document, and if


user clicks on it, I need to send some information back to my server


stuck(it is same as .js is loaded, but different from where html


document is loaded), how should i achieve this?


I am thinkg either on user action I made browser load another JS and


pass user's input as parameter to that JS? or another alternative I can


see is that in image tag I pass the parameter to my server.



But im thinking these kindof technique's are widely adopted by


spyware's which is not true in my case, as user himslf is putting


<script> tag in his document and loading JS from my domain


Any comments/pointers will be greatly appreciated



Thanks once again :)



Martin Honnen wrote:


> hemant.singh@gmail.com wrote:


>


> > now my client can be comg from any domain, all they need to do is


> >


> > <!-- Magic script starts -->


> > <div id="mymagic">


> > <script src="http://x.com/javascripts/client.js" />


> > <script type='text/javascript'>


> > showThemReality();


> > </script>


> > </div>


> > <!-- Magic script ends -->


> >


> > Now the client.js loaded from x.com is making a ajax connection to


> > x.com, is this a issue?


>


> Same origin policy means the origin of the HTML (or by now XML or SVG)


> document with the script element matters, if the document with the


> script element has been loaded from e.g. http://example.com/ then


> XMLHttpReuqest can make HTTP requests to that origin but not to other ones.


> What you can however do is use a script element e.g.


>    <script type="text/javascript"


>


> src="http://example.org/service.asp?method=methodname&amp;arg1=value1&amp;callback=yourcallback"></script>


>


> define a function


>    function yourcallback (resultData) {


>      // process resultData here that


> http://example.org/service.asp?method=methodname


>      delivers as an argument to yourcallback


>    }


>


> That way there is no use of XMLHttpRequest with its restricted same


> origin policy, rather a script is loaded from a different origin where a


> server script generates the client script as needed, reading out the


> query string to know which "server-side method" to call with which


> arguments and then deliver the data by callling the callback function


> you have defined.


>


>


> If you wanted to use XMLHttpRequest in a document loaded from


> http://example.com/ to make a request to http://example.org/ then you


> can't unless server-side script on example.com works as a proxy so that


> your XMLHttpRequest goes to example.com passing in the example.org URL


> as data in the query string or request body where the server side script


> on example.com then makes the request to example.org as needed and


> passes the data back to the client e.g.


>    var httpRequest = new XMLHttpRequest();


>    httpRequest.open('GET',


> 'http://example.com/proxy.asp?url=http://example.org/service1.asp', true)


> 


> -- 


> 


> 	Martin Honnen


> 	http://JavaScript.FAQTs.com/


Received on Mon May  1 05:04:08 2006