I'm working on an intranet with several subdomains. I have control over each subdomain, so security of cross-site requests is not a concern. I have PHP scripts with JSON responses I'd like to call from multiple subdomains without duplication. For GET requests, I can do this with AJAX and JSONP, but that doesn't work with POST requests. Some alternatives I see, none of which seem very good:
- POST to a copy on local subdomain with minimal response, then GET full response from central location with JSONP
- Both POST and GET to a copy on local subdomain with JSON
- Use mod_rewrite to use local URLs with a central script on back end with JSON
- Use symlinks to use local URLs with a central script on back end with JSON
Am I missing something simpler? What would you do here?
-
I use REST approach in such cases. Search google for more information about REST.
Robert Gould : Yes doing REST is the more sensible solution indeed.Scott Reynen : I'm familiar with REST, but I don't see how that addresses my problem. I can't send a cross-domain POST request using REST any more than I can without, can I?From Stanislav -
You could write a simple reflector at the server side. Add a script to each domain that simply passes your ajax request on to the appropriate domain. This script can be very simple (1 or 2 lines of code), avoids your cross site scripting issues and means you don't need to duplicate the complicated business logic in your existing scripts.
It will cause extra work for your server, but that may not be a problem for you.
The closest example code I can find on the sites I manage is the following. Here we needed to be able to use Googles Chart API on an HTTPS connection (which it does not support yet). The solution was to add the following script that passed the calls on...
<?php // Set header so our output looks like a PNG header("Content-Type: image/png"); // Reflect the image from googles chart API echo file_get_contents('http://chart.apis.google.com/chart?'.$_SERVER['QUERY_STRING']); ?>
From rikh -
If they're all subdomains of the the same domain, you can just add this code to every page:
document.domain = 'domain.com';
Then, just use plain xmlHttpRequest.
From Jarett -
just look at this https://developer.mozilla.org/En/HTTP%5Faccess%5Fcontrol page. All what you need - add header to all you scripts that accept post request. Example:
0 comments:
Post a Comment