On Tue, May 25, 2010 at 3:12 PM, Bogdan Ciprian Pistol <[email protected]> wrote: > On Tue, May 25, 2010 at 11:18 AM, Niklas Gustavsson > <[email protected]> wrote: >> To me, having support for cross domain XHR would not be required, but >> others might have different opinions. > > So, you would like to serve the HTML and JS files, and others files > from Vysper (to be served from the same domain where Javascript BOSH > will connect with Ajax calls)? > Because someone might one to use server side scripting or other > features available in standard web servers like Apache HTTP Server and > will want to serve the HTML and JS and other files with Apache or some > other HTTP server and will not be able to connect to Vysper because > it's on another domain.
Of course, using a reverse proxy, these does not need to served from the same source. However, you might be right that we should make it simple to allow for cross-domain communication. In that case, we still need to make this secure, e.g. have a whitelist like the Flash crossdomain.xml which is configurable for the user. /niklas
