• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: XMLHttpRequest object and WebObjects
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XMLHttpRequest object and WebObjects

  • Subject: Re: XMLHttpRequest object and WebObjects
  • From: Hunter Hillegas <email@hidden>
  • Date: Tue, 31 May 2005 18:28:56 -0700
From what I've been told, you don't need to sign your pages, you just need to make sure the request comes from the same host as the XmlHttpRequest call.

See the security section of this page:
http://developer.apple.com/internet/webcontent/xmlhttpreq.html

On May 31, 2005, at 4:44 PM, Greg wrote:

Hi Gurus,
I am currently reworking some components in my wo app to start making less page refreshes by going back to the server for a complete new layout, instead just using javascript and XMLHttpRequest objects to just send and receive the data. I have been having trouble with getting the request sent back to the server in safari and mozilla. Safari doesn't display any messages, but in mozilla it was throwing a security access problem, "permission denied to call method XMLHttpRequest.open". I googled and found a link to mozilla's site which had the following interesting piece of information. I figured out why safari and mozilla weren't playing nice was because the scripts were coming from http://localhost/ and the wo app was http://server.local/ making it a different domain.

<Quote>

Signing Scripts

During development of a script you'll eventually sign, you can use codebase principals for testing, as described in "Codebase Principals". Once you've finished modifying the script, you need to sign it. The major difference in signing scripts between 4.x and Mozilla is that in Mozilla, the entire page must be signed, as opposed to only the script running on the page. For any script to be granted expanded privileges, all scripts on or included by an HTML page must be signed.

You can sign JavaScript files (accessed with the SRC attribute of the SCRIPT tag), inline scripts, event handler scripts JavaScript entities and javascript: URLs.
</Quote>

This poses a serious problem for any sort of server side generated web page, not just web objects. How can a dynamically generated page sign itself?

Greg
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40mac.com

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden






References: 


 >XMLHttpRequest object and WebObjects (From: Greg <email@hidden>)






    

  • Prev by Date:
RE: Flash and WebObjects...Make it Work with XML or other ?

    • 

  • Next by Date:
WO Pub Night - change in venue

    • 

  • Previous by thread:
XMLHttpRequest object and WebObjects

    • 

  • Next by thread:
Project Wonder error - unable to register descriptions for class

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •