Hi all,
I was wondering if one could pull a completely separate web site into a
div, e.g.
<a href="#" onclick="new
Ajax.Updater(''artifact'',
''http://www.vivisimo.com/'', {asynchronous:true,
evalScripts:true,
onLoading:function(request){Toggle.display(''message2body'')}});
return
false;">»</a>
it fails when I try at present, but I''m wondering what''s
causing the
failure and if there is any way round it.
The erb to generate the above is as follows:
<%= link_to_remote "»",
:url=>message.resource.url,
:update=>''artifact'',
:loading=>''Toggle.display(\''message''+message.message_id.to_s+"body'')"
%>
I would try turning off evalScripts, but am unsure how to do that via
the erb code.
Many thanks in advance.
CHEERS> SAM
Hello Sam, Sam Joseph said the following on 2005-09-21 20:53:> <a href="#" onclick="new Ajax.Updater(''artifact'', > ''http://www.vivisimo.com/'', {asynchronous:true, evalScripts:true, > onLoading:function(request){Toggle.display(''message2body'')}}); return > false;">»</a> > > it fails when I try at present, but I''m wondering what''s causing the > failure and if there is any way round it.Nope, sorry. There''s no way to go around that. The problem is coming from XMLHttpRequest. For security reasons, it is not allowed to connect anywhere else than the current server. You would need some kind of proxy on the server which would connect and return the information for you. Hope that helps, Fran?ois
Hi Francois, That does help, many thanks. However I wonder is this an Ajax or a ruby issue? And if we get round it (e.g. with your proxy solution) I wonder would the result just look like a mess ...? Many thanks. CHEERS> SAM Fran?ois Beausoleil wrote:> Hello Sam, > > Sam Joseph said the following on 2005-09-21 20:53: > >> <a href="#" onclick="new Ajax.Updater(''artifact'', >> ''http://www.vivisimo.com/'', {asynchronous:true, evalScripts:true, >> onLoading:function(request){Toggle.display(''message2body'')}}); return >> false;">»</a> >> >> it fails when I try at present, but I''m wondering what''s causing the >> failure and if there is any way round it. > > > Nope, sorry. There''s no way to go around that. The problem is coming > from XMLHttpRequest. For security reasons, it is not allowed to > connect anywhere else than the current server. You would need some > kind of proxy on the server which would connect and return the > information for you. > > Hope that helps, > Fran?ois > > _______________________________________________ > Rails-spinoffs mailing list > Rails-spinoffs@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs > >
On Sep 21, 2005, at 5:53 PM, Sam Joseph wrote:> Hi all, > > I was wondering if one could pull a completely separate web site > into a > div, e.g. > > <a href="#" onclick="new Ajax.Updater(''artifact'', > ''http://www.vivisimo.com/'', {asynchronous:true, evalScripts:true, > onLoading:function(request){Toggle.display(''message2body'')}}); return > false;">»</a>You have to use a proxy of some sort on the server. XMLHTTPRequest cant get data from any other server except the one that the page was pulled from for security reasons. But here is some code that I am using as a model to get remote pages like you want to do: #Put this in your models directory require ''net/http'' require ''uri'' class RemotePage # limit defaults to 3 tries before it fails. This is needed because # of the unreliable nature of getting pages on demand from # a remote server. 3 will usually getthe page with no error if # the remote server is pretty reliable but you might want # to up it to 5 if the server is low or unreliable def self.fetch(url, limit=3) data = '''' begin data = Net::HTTP.get_response(URI.parse("#{url}")) rescue limit -= 1 limit > 0 ? retry : raise end data.body end end # now in your controller you can call an action from you ajax request on you page like so: def get_remote_page_ajax @content = RemotePage.fetch(params[:url]) render_without_layout end Then just set up your Ajax action to call the get_remote_ajax_page with the url var set in params and it will return the content of the remote page. Hope that helps- -Ezra Zygmuntowicz WebMaster Yakima Herald-Republic Newspaper ezra@yakima-herald.com 509-577-7732 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails-spinoffs/attachments/20050921/a6b3441a/attachment-0001.html
It''s a security issue w/ the Http Request objects (used by the web browsers) not being allowed to cross domains. The "proxy" would be a component on the server that feths the request for you and marshals it back up stream. So: the browser would http-request a "page" on your server, which would in turn request a page on some other server. On 9/21/05, Sam Joseph <gaijin@yha.att.ne.jp> wrote:> > Hi Francois, > > That does help, many thanks. > However I wonder is this an Ajax or a ruby issue? > And if we get round it (e.g. with your proxy solution) I wonder would > the result just look like a mess ...? > > Many thanks. > > CHEERS> SAM > > Fran?ois Beausoleil wrote: > > > Hello Sam, > > > > Sam Joseph said the following on 2005-09-21 20:53: > > > >> <a href="#" onclick="new Ajax.Updater(''artifact'', > >> ''http://www.vivisimo.com/'', {asynchronous:true, evalScripts:true, > >> onLoading:function(request){Toggle.display(''message2body'')}}); return > >> false;">»</a> > >> > >> it fails when I try at present, but I''m wondering what''s causing the > >> failure and if there is any way round it. > > > > > > Nope, sorry. There''s no way to go around that. The problem is coming > > from XMLHttpRequest. For security reasons, it is not allowed to > > connect anywhere else than the current server. You would need some > > kind of proxy on the server which would connect and return the > > information for you. > > > > Hope that helps, > > Fran?ois > > > > _______________________________________________ > > Rails-spinoffs mailing list > > Rails-spinoffs@lists.rubyonrails.org > > http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs > > > > > > > _______________________________________________ > Rails-spinoffs mailing list > Rails-spinoffs@lists.rubyonrails.org > http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails-spinoffs/attachments/20050921/829b62bd/attachment.html
On Sep 21, 2005, at 6:14 PM, Sam Joseph wrote:> Hi Francois, > > That does help, many thanks. > However I wonder is this an Ajax or a ruby issue? > And if we get round it (e.g. with your proxy solution) I wonder > would the result just look like a mess ...? > > Many thanks. > > CHEERS> SAMAlso I forgot to mention that you can use this fetch action to parse the html file on its way through your proxy and rewrite urls or whatever else. I am using it like this: def self.fetch(page, section=''display'', limit=5) data = '''' begin data = Net::HTTP.get_response(URI.parse("http:// 192.168.0.2/#{page}")) rescue limit -= 1 limit > 0 ? retry : raise end data.body.gsub!(/\/temporaryimages/, "http://img.yakima- herald.com/temporaryimages") data.body.gsub!(/\/wrappers\/(\d+)\.news/i, ''/page/''+section +''/\1'') data.body end So you could use gsub''s to parse out the header so your action only returns the page contents between the <body></body> tags. Hope you can use this, let me kn ow how it works for you. I have a big site in production that does a lot of these calls and it runs great fro me. But I am not using it through Ajax I just use it in my controller actions to gather remote data and then render it in my views. -Ezra Zygmuntowicz WebMaster Yakima Herald-Republic Newspaper ezra@yakima-herald.com 509-577-7732
* Sam Joseph <gaijin@yha.att.ne.jp> [2005-09-21 21:15]:> Hi Francois, > > That does help, many thanks. > However I wonder is this an Ajax or a ruby issue? > And if we get round it (e.g. with your proxy solution) I wonder would > the result just look like a mess ...?It is a JavaScript security issue. You are not allowed to make requests to server different from the one that served the script. You can either sign the script (something I''ve never bothered with), or proxy it (which is actually very easy). Yes. It would look messy. You''d have to spend time cleaning things up for the site you wanted to box. Trying to make it generic, and box artibrary sites, that''s going to cause all sorts of probems. You can try using an IFRAME to box the other site. That''s the tact taken by BittyBrowser. http://www.bitty.com/ If a bitty browser is what you want, study this hack. Hope this helps. -- Alan Gutierrez - alan@engrm.com - http://engrm.com/blogometer/index.html - http://engrm.com/blogometer/rss.2.0.xml
Hi Alan, Thanks - that''s very interesting. I had used iframes a few years back and was assuming the browser compatibility wasn''t there - although it seems like times have changed. I guess with frames (i or otherwise) I have two problems: 1. people use javascript to break out of them 2. browsers are inconsistent in their interpretation of resizability and borders. The application I''m working on tries to support a discussion tool, where the discussion takes place about a web page that the users can see in an adjacent window/frame/space Of course arguably this is all really a browser issue. If everyone used conquerer then they could just split their tabs and see things side by side. Supporting this consistently across multiple browsers is a sticky problem ... Many thanks again. CHEERS> SAM Alan Gutierrez wrote:>* Sam Joseph <gaijin@yha.att.ne.jp> [2005-09-21 21:15]: > > >>Hi Francois, >> >>That does help, many thanks. >>However I wonder is this an Ajax or a ruby issue? >>And if we get round it (e.g. with your proxy solution) I wonder would >>the result just look like a mess ...? >> >> > > It is a JavaScript security issue. You are not allowed to make > requests to server different from the one that served the > script. You can either sign the script (something I''ve never > bothered with), or proxy it (which is actually very easy). > > Yes. It would look messy. You''d have to spend time cleaning > things up for the site you wanted to box. Trying to make it > generic, and box artibrary sites, that''s going to cause all > sorts of probems. > > You can try using an IFRAME to box the other site. That''s the > tact taken by BittyBrowser. > > http://www.bitty.com/ > > If a bitty browser is what you want, study this hack. > > Hope this helps. > >-- >Alan Gutierrez - alan@engrm.com > - http://engrm.com/blogometer/index.html > - http://engrm.com/blogometer/rss.2.0.xml >_______________________________________________ >Rails-spinoffs mailing list >Rails-spinoffs@lists.rubyonrails.org >http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs > > > >
Many thanks to Ezra and others for the proxy suggestion. Ezra, I really appreciate you sending the code. I wonder if a more consistent iframe like experience could be created using this method. See my other mail for what I''m trying to achieve in my application. Many thanks again. CHEERS> SAM Ezra Zygmuntowicz wrote:> > You have to use a proxy of some sort on the server. XMLHTTPRequest > cant get data from any other server except the one that the page was > pulled from for security reasons. But here is some code that I am > using as a model to get remote pages like you want to do:
* Sam Joseph <gaijin@yha.att.ne.jp> [2005-09-22 13:48]:> Alan Gutierrez wrote: > > >* Sam Joseph <gaijin@yha.att.ne.jp> [2005-09-21 21:15]: > > > > > >>Hi Francois, > >> > >>That does help, many thanks. > >>However I wonder is this an Ajax or a ruby issue? > >>And if we get round it (e.g. with your proxy solution) I wonder would > >>the result just look like a mess ...? > >> > >> > > > > It is a JavaScript security issue. You are not allowed to make > > requests to server different from the one that served the > > script. You can either sign the script (something I''ve never > > bothered with), or proxy it (which is actually very easy). > > > > Yes. It would look messy. You''d have to spend time cleaning > > things up for the site you wanted to box. Trying to make it > > generic, and box artibrary sites, that''s going to cause all > > sorts of probems. > > > > You can try using an IFRAME to box the other site. That''s the > > tact taken by BittyBrowser. > > > > http://www.bitty.com/ > > > > If a bitty browser is what you want, study this hack. > > > > Hope this helps. > >> I had used iframes a few years back and was assuming the browser > compatibility wasn''t there - although it seems like times have changed. > > I guess with frames (i or otherwise) I have two problems: > > 1. people use javascript to break out of themWondering... If you are going to proxy, why not attach your own script? Add it in the header, before every other script, on that would redefine the top property of the document, or in some other way, makes that common bit of JavaScript. I''m guessing, it might be impossible, but it might be possible. Cannonical frame breakout logic... if (top.location != location) { top.location.href = document.location.href ; } Maybe redifine the top property in the prototype. Or maybe just... var top = { location: { href: document.location.href } }> 2. browsers are inconsistent in their interpretation of resizability and > borders.Hacking through those isses will be much easier than hacking through the issues of injecting another site into a div.> The application I''m working on tries to support a discussion tool, > where the discussion takes place about a web page that the users > can see in an adjacent window/frame/spaceThis is a solution that calls for frames. The other page is not part of your page, really. It needs it''s own environment. Your application is embedding a browser control, and frames will let you do that. I''m stating an opinion not to be opinionated, just to give you some reasoning. If you were to write this in (what do they use these days? MFC#?) a windowing toolkit, you''d embed Gecko, Konq, or IE as a separate control wouldn''t you? Cheers. -- Alan Gutierrez - alan@engrm.com - http://engrm.com/blogometer/index.html - http://engrm.com/blogometer/rss.2.0.xml