26 Jan
2013
26 Jan
'13
5:03 a.m.
Hi,
I want one of my pages to make a post to another site and insert the
results into its page. Right now I've got a JavaScriptExtension that
looks like:
function doquery() {
new Ajax.Request('http://mat.exon.name/test.php', {
method:'post',
parameters:{
'arg' : document.getElementById('thearg').value,
},
});
return false;
}
I find that this does an OPTIONS request, but not the intended POST. If
I change the URL to a local page, the POST goes through as intended. Am
I tripping up over some kind of XSS defense, and is there some way to
turn it off?
26 Jan
26 Jan
4:51 p.m.
Hi,
Indeed you are hitting the standard "same origin policy".
You have 3 possibilities to circumvent it :
* With JSONP requests - if the server supports them, and only for GET
requests [1]
* With CORS/pre-flight requests - if the server support them [2]
* With a proxy (for example a page on your wiki) that does the URL GET
or POST, and you hit the proxy with your Ajax requests.
Hope this helps,
Jerome
[1] http://en.wikipedia.org/wiki/JSONP
[2] http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Le 26/01/13 05:03, xwiki.mexon(a)spamgourmet.com a écrit :
Hi,
I want one of my pages to make a post to another site and insert the
results into its page. Right now I've got a JavaScriptExtension that
looks like:
function doquery() {
new Ajax.Request('http://mat.exon.name/test.php', {
method:'post',
parameters:{
'arg' : document.getElementById('thearg').value,
},
});
return false;
}
I find that this does an OPTIONS request, but not the intended POST.
If I change the URL to a local page, the POST goes through as
intended. Am I tripping up over some kind of XSS defense, and is
there some way to turn it off?
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
27 Jan
27 Jan
12:35 a.m.
Yeah, I guess that makes sense. Thanks for the suggestions. In fact I
should be able to bring all my services under one domain so I'll just do
that. It was a misguided attempt to improve security by keeping my
servers separate that brought me here in the first place!
On 2013-01-26 23:51 , Jerome Velociter - jerome(a)velociter.fr wrote:
Hi,
Indeed you are hitting the standard "same origin policy".
You have 3 possibilities to circumvent it :
* With JSONP requests - if the server supports them, and only for GET
requests [1]
* With CORS/pre-flight requests - if the server support them [2]
* With a proxy (for example a page on your wiki) that does the URL GET
or POST, and you hit the proxy with your Ajax requests.
Hope this helps,
Jerome
[1] http://en.wikipedia.org/wiki/JSONP
[2] http://en.wikipedia.org/wiki/Cross-origin_resource_sharing
Le 26/01/13 05:03, xwiki.mexon(a)spamgourmet.com a écrit :
Hi,
I want one of my pages to make a post to another site and insert the
results into its page. Right now I've got a JavaScriptExtension that
looks like:
function doquery() {
new Ajax.Request('http://mat.exon.name/test.php', {
method:'post',
parameters:{
'arg' : document.getElementById('thearg').value,
},
});
return false;
}
I find that this does an OPTIONS request, but not the intended POST.
If I change the URL to a local page, the POST goes through as
intended. Am I tripping up over some kind of XSS defense, and is
there some way to turn it off?
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
4348
days inactive
4348
days old
2 comments
2 participants
participants (2)
-
Jerome Velociter -
xwiki.mexon@spamgourmet.com