If you're not using a proxy then you have to give the client the login credentials to your MarkLogic instance and expose the REST port that will answer nearly any arbitrary search request. If you're OK with giving the world unlimited access to the REST API, you can and it will technically work, but an untrusted client might do things you don't appreciate. The proxy encapsulates the credentials and gives you the chance to intermediate what the untrusted client does, and lets you hide the raw REST port from public access.
OK, now back to wrapping gifts... -jh- On Dec 23, 2012, at 3:53 PM, Jakob Fix wrote: > thanks David, that seems to confirm my thoughts. as I'm intending to > use a viz directly from within a ML-based site, the proxy won't > concern me. One less thing to worry about. > > cheers, > Jakob. > > > On Mon, Dec 24, 2012 at 12:49 AM, David Lee <[email protected]> wrote: >> Not the expert on this, but since I happen to be on the laptop might shed >> some light from what I think I know .... >> Please correct me anyone who knows better. >> >> I *belive* the issue is exactly that, cross domain scripting issues. >> If you host your app in a web server then all the requests to ML need to go >> through that server then proxy to ML or browsers will reject them. >> However I don't believe there is any need for a proxy if the entire app is >> hosted on ML directly. >> I do belive all our app builder generated apps with visualization widgets >> run just fine without a proxy. >> So I belive the issue is *if and only if* you host your app in an app server >> that is not the ML database app server, then you will need to proxy requests. >> >> >> >> >> >> ----------------------------------------------------------------------------- >> David Lee >> Lead Engineer >> MarkLogic Corporation >> [email protected] >> Phone: +1 812-482-5224 >> Cell: +1 812-630-7622 >> www.marklogic.com >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Jakob Fix >> Sent: Sunday, December 23, 2012 6:25 PM >> To: General Mark Logic Developer Discussion >> Subject: [MarkLogic Dev General] viz widgets - need for a proxy? >> >> Hi, I'm looking at the visualization widgets that have been introduced >> with v6, and I notice that there is a lot of talk about a proxy that >> needs to be written (all the examples mention PHP and there is even a >> PHP script) >> >> http://docs.marklogic.com/guide/search-dev/visualwidgets#id_26253 >> >> mentions that custom apps generally need to run queries through a >> proxy, but no background information about the "why" is given. >> >> Has it anything to do with cross-domain security restrictions that >> allow browsers to retrieve JSON(P) from another domain, but no XML >> (and there a local server-based proxy might make sense, if the client >> was browser-based)? >> >> Thanks for explaining why there is a need for a proxy, and why it >> couldn't written in XQuery. >> >> cheers, >> Jakob. >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general >> _______________________________________________ >> General mailing list >> [email protected] >> http://developer.marklogic.com/mailman/listinfo/general > _______________________________________________ > General mailing list > [email protected] > http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
