On Sat, Oct 24, 2009 at 11:25, Gene Amtower <[email protected]> wrote:

>  Thanks, Derrell, for filling in the missing pieces.  I knew you had more
> insight into the transport difference than me.
>
> Since you didn't address it directly, can I assume the info I provided on
> cross-domain URLs and running the app in a server browser were correct?
>

I believe what you said was correct for *our* backends, but it is
implementation dependent. The backend chooses how to accept or refuse a
cross-domain request. It is of course required that the backend send back
what qooxdoo expects if qooxdoo is going to be able to make use of that
backend.

Just for reference, here's the piece of the PHP backend that makes the
decision, assuming that the class provides "Domain"-based accessibility to
the requested method, or, if the class doesn't provide a getAccessibility()
method, that the default accessibility set by the backend administrator is
"Domain":

    /* Determine the protocol used for the request */
    $bIsSSL =
        (isset($_SERVER["SSL_PROTOCOL"]) ||
         (isset($_SERVER["HTTPS"]) &&
          strtolower($_SERVER["HTTPS"]) != "off"));

    $requestUriDomain = ($bIsSSL ? "https://" : "http://");

    // Add the server name
    $requestUriDomain .= $_SERVER["SERVER_NAME"];

    // The port number optionally follows.  We don't know if they manually
    // included the default port number, so we just have to assume they
    // didn't.
    if ((! $bIsSSL && $_SERVER["SERVER_PORT"] != 80) ||
        (  $bIsSSL && $_SERVER["SERVER_PORT"] != 443))
    {
        // Non-default port number, so append it.
        $requestUriDomain .= ":" . $_SERVER["SERVER_PORT"];
    }

    /* Get the Referer, up through the domain part */
    if (ereg("^(https?://[^/]*)", $_SERVER["HTTP_REFERER"], $regs) === false)
    {
        /* unrecognized referer */
        $error->SetError(JsonRpcError_PermissionDenied,
                         "Permission Denied [2]");
        $error->SendAndExit();
        /* never gets here */
    }

    /* Retrieve the referer component */
    $refererDomain = $regs[1];

    /* Is the method accessible? */
    if ($refererDomain != $requestUriDomain)
    {
        /* Nope. */
        $error->SetError(JsonRpcError_PermissionDenied,
                         "Permission Denied [3]");
        $error->SendAndExit();
        /* never gets here */
    }

    /* If no referer domain has yet been saved in the session... */
    if (! isset($_SESSION["session_referer_domain"]))
    {
        /* ... then set it now using this referer domain. */
        $_SESSION["session_referer_domain"] = $refererDomain;
    }


Derrell
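
The same Referer-versus-request comparison as in the excerpt above, as an added example that is not part of the original message or of the qooxdoo backend. It goes one step further by normalizing both sides (lowercase scheme and host, default port dropped), which covers the explicit-default-port case the excerpt's comment mentions; the function names and the `example.test` hosts are assumptions made for illustration.

```php
<?php
// Added example, not qooxdoo backend code; function names are hypothetical.

// Reduce a URL to "scheme://host[:port]"; null if it is not an http(s) URL.
function normalizeOrigin($url)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts["scheme"], $parts["host"])) {
        return null;
    }
    $scheme = strtolower($parts["scheme"]);
    if ($scheme !== "http" && $scheme !== "https") {
        return null;
    }
    $defaultPort = ($scheme === "https") ? 443 : 80;
    $port = isset($parts["port"]) ? (int) $parts["port"] : $defaultPort;
    // Drop the scheme's default port so "host:80" and "host" compare equal.
    return $scheme . "://" . strtolower($parts["host"])
         . ($port === $defaultPort ? "" : ":" . $port);
}

// True only when the Referer names the same origin the request arrived on.
function isSameDomainRequest(array $server)
{
    $isSSL = isset($server["SSL_PROTOCOL"]) ||
             (isset($server["HTTPS"]) && strtolower($server["HTTPS"]) != "off");
    $request = normalizeOrigin(($isSSL ? "https" : "http") . "://"
             . $server["SERVER_NAME"] . ":" . $server["SERVER_PORT"]);
    // A missing or unparseable Referer is refused.
    $referer = isset($server["HTTP_REFERER"])
             ? normalizeOrigin($server["HTTP_REFERER"]) : null;
    return $request !== null && $referer !== null && $request === $referer;
}

// Constructed sample data: a plain-HTTP request to app.example.test on port 80.
$base = array("SERVER_NAME" => "app.example.test", "SERVER_PORT" => "80");
$referers = array(
    "http://app.example.test/index.html",      // same origin
    "http://app.example.test:80/index.html",   // explicit default port
    "HTTP://App.Example.Test/index.html",      // differing case
    "https://app.example.test/index.html",     // different scheme
    "http://app.example.test.other.test/",     // different host
    null,                                      // no Referer header
);
foreach ($referers as $referer) {
    $server = $base;
    if ($referer !== null) { $server["HTTP_REFERER"] = $referer; }
    printf("%-40s %s\n", var_export($referer, true),
           isSameDomainRequest($server) ? "allow" : "deny");
}
```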