Hello,
this is my example, that''s not work. But I can''t explain why
not. The
request is not sent. I get no request. The Servlet works fine.
Can somebody helpa beginner?
<html>
<head>
<title>Servlet aufrufen</title>
<script type="text/javascript" src="scriptaculousAjax/lib/
prototype.js"></script>
<script type="text/javascript" src="scriptaculousAjax/src/
scriptaculous.js"></script>
<script>
function sendRequest() {
new Ajax.Request(''localhost:8080/AjaxServer2/
AusgabeServlet'',
{ method:''get'',
parameters: {eingabe: ''example''},
onSuccess: function(transport){
var response = transport.responseText || "no response
text";
alert("Success! \n\n" + response); },
onFailure: function(){ alert(''Something went
wrong...'') } });
}
</script>
</head>
<body>
<form action="/submitOrder" name="testForm"
onkeypress="sendRequest()">
<input type="text" name="eingabe"
id="eingabe" value="" >
<input type="text" name="ausgabe"
id="ausgabe" value="">
<input type="submit"/>
</form>
</body>
</html>
Christoph
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs?hl=en
-~----------~----~----~----~------~----~------~--~---
Hey, Christoph a écrit :> new Ajax.Request(''localhost:8080/AjaxServer2/Is the page that loads your script served from localhost:8080? Otherwise you''ll fall victim to the Same Origin Policy, which dictates AJAX can only communicate with the same host+port pair as its own. -- Christophe Porteneuve aka TDD tdd-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
Hello, is there a possibility to solve this security problem? Christoph On 4 Jun., 12:45, Christophe Porteneuve <t...-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org> wrote:> Hey, > > Christoph a écrit : > > > new Ajax.Request(''localhost:8080/AjaxServer2/ > > Is the page that loads your script served from localhost:8080? > Otherwise you''ll fall victim to the Same Origin Policy, which dictates > AJAX can only communicate with the same host+port pair as its own. > > -- > Christophe Porteneuve aka TDD > t...-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---
Hey Christoph, Christoph a écrit :> is there a possibility to solve this security problem?It is NOT a problem. It is a SOLUTION. Allowing AJAX to cross-site would open the flood on XSS attacks all over the place, circumventing corporate firewalls entirely. The traditional approach, used by most apps and online portals, is to have a "proxy" script on the same server, which takes the URL as its argument, grabs it on the server side and sends the response untouched to the client side. It''s used for RSS/Atom feeds, REST-based (or even SOAP-based, heavens!) web services, etc. -- Christophe Porteneuve aka TDD tdd-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Spinoffs" group. To post to this group, send email to rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-spinoffs?hl=en -~----------~----~----~----~------~----~------~--~---