Rails spinoffs - Oct 2006 - Ajax.Request not working in Firefox

I have a page which uses Ajax.Request().  I am serving up the page from
an embedded device using thttpd.  The page works fine in IE, but the
calls to Ajax.Request fail in Firefox because of security.  I''ve read
about signing scripts and pages, but honestly haven''t been able to make
heads nor tails of it.  The thing which confuses me is why other
tutorials on the web which use xmlhttprequest work fine in Firefox, but
do not appear to be signed.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

I have noticed that the librarys dont get loaded "automatically" with
firefox.  No error comes up but certen things just dont work.  I seem
to have fixed the issue by just includeing the classes manually.  I am
not sure why this is happening.

<script src="/javascript/controls.js"
type="text/javascript"></script>
<script src="/javascript/builder.js"
type="text/javascript"></script>


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

well sence i typed in the wrong area and cant delete my post sorry.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

Hey there,

nvleer a écrit :
> I have a page which uses Ajax.Request().  I am serving up the page from
> an embedded device using thttpd.  The page works fine in IE, but the
> calls to Ajax.Request fail in Firefox because of security.  I''ve
read
> about signing scripts and pages, but honestly haven''t been able to
make
> heads nor tails of it.  The thing which confuses me is why other
> tutorials on the web which use xmlhttprequest work fine in Firefox, but
> do not appear to be signed.
Any XHR call in FF and other Moz browsers will be bound by the security
policy, that mandates the call targets the same [sub]domain as the one
the calling page originated from.

Most AJAX books (or solid tutorials) go for a "proxy" feature on their
server side:  a small script on the server side that basically receives
the target URL you''re trying to hit, the HTTP method (get/post) and
your
intended parameters, does the call, and sends the result (status code,
headers, body) all back to you.

It''s pretty straightforward in most situations, as it doesn''t
have to be
*that* generic: it just has to fit your needs.

-- 
Christophe Porteneuve a.k.a. TDD
"[They] did not know it was impossible, so they did it." --Mark Twain
Email: tdd-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

Hello,
> Any XHR call in FF and other Moz browsers will be bound by the security
> policy, that mandates the call targets the same [sub]domain as the one
> the calling page originated from.
It seems like my situation does not violate this mandate.  The page is
served from my embedded device which also contains my REST server.  The
only difference is the port. ??


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

nvleer a écrit :
> It seems like my situation does not violate this mandate.  The page is
> served from my embedded device which also contains my REST server.  The
> only difference is the port. ??
Hmmm, that''s interesting.  It might actually trigger Moz''
claptrap.  Can
you try serving the AJAX response on the same port, even faking it, to
check that the port is the issue?

-- 
Christophe Porteneuve a.k.a. TDD
"[They] did not know it was impossible, so they did it." --Mark Twain
Email: tdd-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

On Oct 18, 4:54 pm, Christophe Porteneuve
<t...-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org>
wrote:
> nvleer a écrit :
> > It seems like my situation does not violate this mandate.  The page is
> > served from my embedded device which also contains my REST server. 
The
> > The only difference is the port. ??
> Hmmm, that''s interesting.  It might actually trigger Moz''
claptrap.  Can
> you try serving the AJAX response on the same port, even faking it, to
> check that the port is the issue?
I couldn''t actually server the AJAX from the same port, but I changed
the javascript to request from the same port and then watched the
traffic with Ethereal,  errr Wireshark.  The port is indeed the
problem.  When Ajax.Request() is sent to port 80 (same as the page is
served from) I see the HTTP GET.

Is a different port really ''cross-domain''?  Is there a way to
get
around this?  The pages are served by thttpd and the REST server is
done in Python.

Thanks.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

>I couldn''t actually server the AJAX from the same port, but I
changed
>the javascript to request from the same port and then watched the
>traffic with Ethereal,  errr Wireshark.  The port is indeed the
>problem.  When Ajax.Request() is sent to port 80 (same as the page is
>served from) I see the HTTP GET.
>
>Is a different port really ''cross-domain''?  Is there a way
to get
>around this?  The pages are served by thttpd and the REST server is
>done in Python.
>
>Thanks.
>  
>
Can you get the REST server (or whatever''s listening on port 80) to 
reverse-proxy to the other port. Or vice-versa? I think the only answers 
you''ll find are on the server-side.

sam

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

On Oct 19, 12:10 am, Sam Foster
<s...-WNdku5qRq3FWk0Htik3J/w@public.gmane.org>
wrote:
> Can you get the REST server (or whatever''s listening on port 80)
to
> reverse-proxy to the other port. Or vice-versa? I think the only answers
> you''ll find are on the server-side.
I''m not sure how to do it yet, but it seems its the way I''ll
have to
go.  Guess its time to find one of those solid tutorials that
Christophe spoke of. It doesn''t look as if thttpd can do this.  I
started to looked at lighttpd which seems like it might support this
sort of proxy.


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---

Yeah, this is completely intentional.  Its not a bug or anything.  Whether
or not its intelligent is another question altogether.  But, yeah, a
different port is, for our purposes, considered a different domain.

Tyler

On 10/18/06, nvleer <nvleer-YbzV19J7KiEAvxtiuMwx3w@public.gmane.org>
wrote:
>
>
> On Oct 18, 4:54 pm, Christophe Porteneuve
<t...-x+CfDp/qHev2eFz/2MeuCQ@public.gmane.org> wrote:
> > nvleer a écrit :
> > > It seems like my situation does not violate this mandate.  The
page is
> > > served from my embedded device which also contains my REST
> server.  The
> > > The only difference is the port. ??
> > Hmmm, that''s interesting.  It might actually trigger
Moz'' claptrap.  Can
> > you try serving the AJAX response on the same port, even faking it, to
> > check that the port is the issue?
>
> I couldn''t actually server the AJAX from the same port, but I
changed
> the javascript to request from the same port and then watched the
> traffic with Ethereal,  errr Wireshark.  The port is indeed the
> problem.  When Ajax.Request() is sent to port 80 (same as the page is
> served from) I see the HTTP GET.
>
> Is a different port really ''cross-domain''?  Is there a
way to get
> around this?  The pages are served by thttpd and the REST server is
> done in Python.
>
> Thanks.
>
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Spinoffs" group.
To post to this group, send email to
rubyonrails-spinoffs-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-spinoffs-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-spinoffs
-~----------~----~----~----~------~----~------~--~---