Hi Derrell,

On 08.10.2007 at 21:41, Derrell Lipman wrote:

>> @Derrell: I would be very interested in the other transport method
>> you mentioned in this thread (something about fragment identifiers).
>> While Script transport is quite usable, another alternative would be
>> nice. However, if it allows you to access arbitrary content from
>> other servers (without having to prepare these servers in any way),
>> it would actually be a security problem that should be fixed in the
>> browser (at least if cookies are sent to the server).
>
> I believe that the security problem is avoided, but I'm not yet
> entirely sure of the best way to implement this.  I started to look at
> and think about it and I believe it can be useful for us.  If you're
> interested, have a look at this blog entry:
>  http://tagneto.blogspot.com/2006/06/cross-domain-frame-communication-with.html

OK, I think I get it. You're right, there's no security problem  
(since you can't load arbitrary content without preparing the  
server). It seems like a nice idea for applications from different  
domains to communicate with each other (and without the need to send  
every message through a server). However, I don't think it would make  
sense to write a qooxdoo transport around it. You would still need to  
prepare the server so that it generates the necessary script code to  
initiate the communication. And you'd have to divide the content into  
many "packets" to avoid the URL length limit.

There are many ways to achieve cross-domain communication, but they  
all require some degree of server cooperation (and they'd better, for  
the usual security reasons). For example, I started writing a kind of  
"CSS transport" that loads a style sheet from a server (cross-domain)  
and examines the computed style of a "communication element" in the  
DOM (which has a class that is influenced by the style sheet). Pro:  
No need to eval() anything. Cons: You have to poll for results with a  
timer, and it's potentially slow.

There are some quirks in the Script transport, but it's the best  
cross-domain transport I could come up with as yet. Ideas are welcome.

Regards,

   Andreas
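
The packet splitting mentioned above for a fragment-identifier channel, as an added sketch that is not part of the original message or of qooxdoo. The packet layout, the `MAX_PACKETS` cap and the names `packetize` and `Reassembler` are assumptions made for illustration.

```javascript
// Added example. Hypothetical packet layout: "<msgId>.<seq>.<total>.<payload>"
const MAX_PACKETS = 1000; // assumed cap so a bogus header cannot grow state

function packetize(msgId, message, maxLen) {
  const encoded = encodeURIComponent(message);
  const chunks = [];
  for (let pos = 0; pos < encoded.length; ) {
    let end = Math.min(pos + maxLen, encoded.length);
    // Do not cut inside a %XX escape: back up to the '%' if it is split.
    const pct = encoded.lastIndexOf("%", end - 1);
    if (end < encoded.length && pct >= pos && pct > end - 3) end = pct;
    if (end === pos) throw new RangeError("maxLen must be at least 3");
    chunks.push(encoded.slice(pos, end));
    pos = end;
  }
  if (chunks.length === 0) chunks.push(""); // empty message is one packet
  if (chunks.length > MAX_PACKETS) throw new RangeError("message too long");
  return chunks.map((c, i) => `${msgId}.${i}.${chunks.length}.${c}`);
}

class Reassembler {
  constructor() { this.pending = new Map(); }

  // Feed one polled fragment (without '#'). Returns the decoded message
  // once every packet has arrived, otherwise null.
  accept(fragment) {
    const m = /^(\d+)\.(\d+)\.(\d+)\.(.*)$/.exec(fragment);
    if (!m) return null; // not one of our packets
    const id = m[1], seq = Number(m[2]), total = Number(m[3]);
    if (total < 1 || total > MAX_PACKETS || seq >= total) return null;
    let st = this.pending.get(id);
    if (!st) this.pending.set(id, (st = { total, parts: new Map() }));
    if (st.total !== total) return null; // header disagrees with earlier packets
    st.parts.set(seq, m[4]); // a timer poll may see the same packet twice
    if (st.parts.size < total) return null;
    this.pending.delete(id);
    let joined = "";
    for (let i = 0; i < total; i++) joined += st.parts.get(i);
    return decodeURIComponent(joined);
  }
}
```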

