Results 1 to 4 of 4

Thread: How to set defaultHeaders for ScriptTagProxy

  1. #1

    Default How to set defaultHeaders for ScriptTagProxy

    Is it possible to configure the Connection used by ScriptTagProxy? This is possible when configuring HttpProxy and I need to do the same to set defaultHeaders used by ScriptTagProxy in order to set Accept header. I think this is needed for implementing content-type negotiation when using RESTful architectures which make use of request redirection for resource de-referencing.

    Thanks in advance!

  2. #2
    Sencha User Animal's Avatar
    Join Date
    Mar 2007
    Location
    Bédoin/Nottingham
    Posts
    30,892

    Default

    You can't. ScriptTagProxy uses....... a script tag!

  3. #3

    Default

    So there's no way to use XSS and by-pass same-origin-policy?!

    Looking at the ScriptTagProxy source I've found it seems to use a connection object:

    var conn = this;

    window[trans.cb] = function(o){
    conn.handleResponse(o, trans);
    };

    There's no way to configure it?

    This security measure is a big clash between AJAX and RESTful architectures, as I wouldn't like to use the origin server as proxy for the request/redirect, letting the client stuff for the client

  4. #4
    Sencha User Animal's Avatar
    Join Date
    Mar 2007
    Location
    Bédoin/Nottingham
    Posts
    30,892

    Default

    No, it uses a script tag to get round the same origin policy. Hence its name.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •