PDA

View Full Version : Ajax domain issues



DaveC426913
21 Sep 2010, 5:57 AM
I don't know here else to turn. I'm out of my league on this Ajax stuff and no amount of research is pointing toward a solution.

I am trying to populate my list with a call to my server that is going to deliver some XML. First step is to get a session ID.

My page is choking on the cross-domain request before it ever gets to the server.



Ext.Ajax.request({
url: 'http://server-s01.mydomain.com:81/ws/srnStoreDeviceSessionServices.php',
method: 'POST',
params :{fun:'srnDeviceLogin',did:'66:66:00:00:00:EE'},
success: function(response, opts) {
//do some successful stuff
}
failure: function(response, opts) {
//complain
},



The error I get is:
XMLHttpRequest cannot load http://server-s01.mydomain.com:81/ws/srnStoreDeviceSessionServices.php (http://server-s01.myserver.com:81/ws/srnStoreDeviceSessionServices.php). Origin http://comp-013.mydomain.com:8080 (http://comp-013.mydevsystem.com:8080) is not allowed by Access-Control-Allow-Origin.

I know the call is correct; I can do a wget at the commandline at it returns the XML I want.
wget -O session.xml --post-data="fun=srnDeviceLogin&did=66:66:00:00:00:EE" http://server-s01.mydomain.com:81/ws/srnStoreDeviceSessionServices.php (http://server-s01.mydomain.com:81/ws/srnStoreDeviceSessionServices.php)


I've tried playing with document.domain:
document.domain="server-s01.mydomain.com";

I just get a different flavour of the same error:
Uncaught Error: SECURITY_ERR: DOM Exception 18

I've researched every angle I can think of to no avail. (And, as mentoined I'm a little out of my league with server-side stuff.)

evant
21 Sep 2010, 6:07 AM
Exactly what it says...

https://developer.mozilla.org/En/Same_origin_policy_for_JavaScript

DaveC426913
21 Sep 2010, 6:10 AM
But we had this working. I've got a demo that performed using jquery. That was before we changed our servers. Now I can't prove it was working.

What about this document.domain thing? I don't really undetrstand how that might be applicable to my setup.

Do I simply say: document.domain="mydomain.com"?

evant
21 Sep 2010, 6:21 AM
You can't do cross domain Ajax requests (this is in general). The best you can do is JSONP: http://remysharp.com/2007/10/08/what-is-jsonp/

danguba
21 Sep 2010, 6:47 AM
Maybe this can help
http://www.sencha.com/forum/showthread.php?17691-Cross-domain-Ext.Ajax-Ext.data.Connection

DaveC426913
21 Sep 2010, 11:04 AM
Got it!

My back-end guy modified the server to provide domain access, thus:

# go to where the Apache source files are located
cd /usr/local/src/httpd-2.2.9/modules/metadata/

# compile the header handling functions
sudo /usr/local/apache2/bin/apxs -c mod_headers.c

# link them into Apache
sudo /usr/local/apache2/bin/apxs -i -a -n headers .libs/mod_headers.so

# open the configuration file
sudo -e /usr/local/apache2/conf/httpd.conf

# add these lines after the htdocs directory section
<Directory "/usr/local/apache2/htdocs/ws">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,POST"
Header set Access-Control-Allow-Headers "x-prototype-version,x-requested-with"
</Directory>

# restart Apache so that the new changes take effect
sudo /usr/local/apache2/bin/apachectl -k restart

iffius
31 Oct 2010, 6:56 AM
You can't do cross domain Ajax requests (this is in general). The best you can do is JSONP: http://remysharp.com/2007/10/08/what-is-jsonp/

That's not correct for most modern browsers. You can do cross domain Ajax request with CORS (Cross-Origin Resource Sharing). See http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/ for more info.

Unfortunately, this seems to be broken with Ext.ajax.request() infrastructure. Although a simple cross domain ajax request works, the Ext one fails with an unhelpful error code 0. I think root cause is that Ext is mucking with the request causing an invalid state (at least with regard to making a cross domain request)

cavalleydude
16 Nov 2010, 8:57 AM
Hi DaveC426913 (http://www.sencha.com/forum/member.php?160865-DaveC426913),

Regarding the Apache configuration changes made above, did this allow your Ext.Ajax.request (below) to work okay? Does the web service you call return JSONP format, or standard JSON? I do not see a callback, so I;m assuming you are making this work without JSONP and callbacks, right?

-cavalleydude



Ext.Ajax.request({
url: 'http://server-s01.mydomain.com:81/ws/srnStoreDeviceSessionServices.php',
method: 'POST',
params :{fun:'srnDeviceLogin',did:'66:66:00:00:00:EE'},
success: function(response, opts) {
//do some successful stuff
}
failure: function(response, opts) {
//complain
}
Got it!

My back-end guy modified the server to provide domain access, thus:

# go to where the Apache source files are located
cd /usr/local/src/httpd-2.2.9/modules/metadata/

# compile the header handling functions
sudo /usr/local/apache2/bin/apxs -c mod_headers.c

# link them into Apache
sudo /usr/local/apache2/bin/apxs -i -a -n headers .libs/mod_headers.so

# open the configuration file
sudo -e /usr/local/apache2/conf/httpd.conf

# add these lines after the htdocs directory section
<Directory "/usr/local/apache2/htdocs/ws">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,POST"
Header set Access-Control-Allow-Headers "x-prototype-version,x-requested-with"
</Directory>

# restart Apache so that the new changes take effect
sudo /usr/local/apache2/bin/apachectl -k restart

DaveC426913
16 Nov 2010, 9:01 AM
Hi DaveC426913 (http://www.sencha.com/forum/member.php?160865-DaveC426913),

Did this allow your Ext.Ajax.request (below) to work okay? Does the web service you call return JSONP format, or standard JSON?


'Yes' and 'I don't know', respectively. (Actually, yes I do, It was returning XML; I had to convert it.)

Fortunately or unfortunately, depending on your philosophy, that whole system (hardware and API) is nearing end-of-life, so no more support. We are building a shiny new db and API. It will use JSON (or JSONP, I don't know the diff yet).

cavalleydude
16 Nov 2010, 9:13 AM
Okay, I'll try it. The whole cross-domain issue seems like it trips up lots of people. I've not seen a discussion that fully describes how to implement it. In fact, since all my supposedly "cross domain" calls are really "same domain" (between different hosts, but the same domain [ie. mycompany.com] ), it seems like the Apache change may be the right solution in this instance. I'll try it.

Thanks Dave!

topping
2 Sep 2012, 2:56 AM
# add these lines after the htdocs directory section
<Directory "/usr/local/apache2/htdocs/ws">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET,POST"
Header set Access-Control-Allow-Headers "x-prototype-version,x-requested-with"
</Directory>


This was perfect for what I am looking for. I my backend server is Java, so I don't want to rebuild and deploy every time I make a change. With httpd pointed directly at my source folder though, I need to do cross-origin to get to the server.

Adding access control to the source is bound to have them creep into production though. By doing this on my development workstation only, I am sure not to have that happen.

What I did was modify the /etc/apache2/users/`whoami`.conf on OS X. Depending on your configuration, adapt to taste.

Good find, thanks!