[Laszlo-user] cross-domain issue on DHTML
Simon Cornelius P. Umacob
simoncpu at infoweapons.com
Thu Jul 17 04:43:54 PDT 2008
Henry Minsky wrote:
> Unfortunately, browser DHTML is even more restrictive than swf,
> because there is no equivalent of a "crossdomain.xml" file
> that you can put on a server to allow cross domain XML data loading.
> The browser security settings are
> very conservative, and access to 3rd party sites via script is not
> allowed by default.
>
> In order for an application to access XML data from a 3rd party site,
> you must use some sort of a proxy
> service to get the data, via the same server that your application
> originally downloaded from.
>
Just a tip in case someone will google for this in the archives:
When accessing XML files (especially with dynamically generated ones),
you also need to set the Content-Type header to application/xml.
Otherwise, you'll get permission errors if you don't. =)
If you need to write a proxy script in PHP, there's a good curl library
at http://github.com/shuber/curl/. I wrote one based on it (but not for
OL apps) a few weeks ago and it was really simple. =)
> I don't know of any easy way around this security limitation. There
> are some proposals out
> for standardizing a kind of crossdomain.xml file for DHTML, but I
> don't know which browsers
> support that yet.
>
> Now that I think about it, I suppose it would be possible to embed a
> tiny Flash application that
> could do XML data loading, and communicate with it via the
> Flash->browser communication API,
> in order to at least load data from sites that have a crossdomain.xml.
> I don't think anyone has done
> that yet.
>
Regards,
[ simon.cpu ]
--
And /usr/games/fortune futurama says:
Bender: Yeah, well I'm gonna build my own lunar space lander!
With blackjack aaaaannd Hookers! Actually, forget the space
lander, and the blackjack. Ahhhh forget the whole thing!
More information about the Laszlo-user
mailing list