On Fri, Feb 6, 2009 at 12:23 PM, Andy Fuchs <[email protected]> wrote:
> On 06.02.09 17:41, "Derrell Lipman" <[email protected]>
> wrote:
>
> > You've discovered the "same domain" requirement imposed by the browsers
> for
> > security reasons.
> >
> > qooxdoo provides three transports for remote requests (XmlHTTP, IFrame,
> and
> > Script), and selects from among the transports based on the requirements
> of
> > the request. Each transport has unique capabilities. The only transport
> that
> > supports cross-domain is the Script transport, and that transport only
> works
> > with GET requests. You can't do POST for cross-domain requests.
>
> It seems I can't even do POST requests INSIDE my domain: If I do
> setCrossDomain(false) and try to get data from another machine that doesn't
> work either. (Machine 1: 192.168.1.10 - Machine 2: 192.168.1.11)
> So that seems to be even more restrictive, because it seems to look for
> <ANY> change in the URL.
>
I think the same-domain policy works by domain name and maybe allows
subdomains, but not domains at the same level. Therefore if you retrieve
your page from mysite.com then *I think* that a request issued to
subdomain.mysite.com will be allowed. I'm not sure of that, though.
>
> >
> > 2.) The second thing I couldn't figure out is, how I can put additional
> data
> > into the body of the request? Instead of everything encoded in the URL.
> (See
> > the TCP-Flow results at the end of this post:
> > -> curl: works -> and has the test-method in the body.
> > -> qooxdoo: doesn't work -> and has everything in the URL
> >
> > GET requests use URL encoding of the parameters to the request. One of
> the
> > disadvantages of using a GET is that the data quantity is limited because
> the
> > parameter length is limited.
>
> Exactly that's the reason why I can't use GET!
> Do you have any idea how to work around this problem?
You could set up a proxy, so you could make requests using POST to the same
host from which you retrieved the initial page (host1), and that host would
make requests to some other host (host2) to retrieve information that it
then sent back from host1 to your browser.
There was a proposal (an RFC?) a while back, probably by David Crawford, for
a JSON-RPC intrinsic similar to the XmlHTTP intrinsic, that could be made
safe even cross-domain. I don't know what ever became of that, or if any
browsers yet support it.
Derrell
------------------------------------------------------------------------------
Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM)
software. With Adobe AIR, Ajax developers can use existing skills and code to
build responsive, highly engaging applications that combine the power of local
resources and data with the reach of the web. Download the Adobe AIR SDK and
Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________
qooxdoo-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
