| 1318 |
alexandre_ |
1 |
<!--
|
|
|
2 |
/*
|
|
|
3 |
Copyright (c) 2004-2006, The Dojo Foundation
|
|
|
4 |
All Rights Reserved.
|
|
|
5 |
|
|
|
6 |
Licensed under the Academic Free License version 2.1 or above OR the
|
|
|
7 |
modified BSD license. For more information on Dojo licensing, see:
|
|
|
8 |
|
|
|
9 |
http://dojotoolkit.org/community/licensing.shtml
|
|
|
10 |
*/
|
|
|
11 |
Pieces taken from Dojo source to make this file stand-alone
|
|
|
12 |
-->
|
|
|
13 |
<html>
|
|
|
14 |
<head>
|
|
|
15 |
<title></title>
|
|
|
16 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
|
|
|
17 |
<script type="text/javascript" src="isAllowed.js"></script>
|
|
|
18 |
<!--
|
|
|
19 |
BY DEFAULT THIS FILE DOES NOT WORK SO THAT YOU DON'T ACCIDENTALLY EXPOSE
|
|
|
20 |
ALL OF YOUR XHR-ENABLED SERVICES ON YOUR SITE.
|
|
|
21 |
|
|
|
22 |
In order for this file to work, you should define a function with the following signature:
|
|
|
23 |
|
|
|
24 |
function isAllowedRequest(request){
|
|
|
25 |
return false;
|
|
|
26 |
}
|
|
|
27 |
|
|
|
28 |
Return true out of the function if you want to allow the cross-domain request.
|
|
|
29 |
|
|
|
30 |
DON'T DEFINE THIS FUNCTION IN THIS FILE! Define it in a separate file called isAllowed.js
|
|
|
31 |
and include it in this page with a script tag that has a src attribute pointing to the file.
|
|
|
32 |
See the very first script tag in this file for an example. You do not have to place the
|
|
|
33 |
script file in the same directory as this file, just update the path above if you move it
|
|
|
34 |
somewhere else.
|
|
|
35 |
|
|
|
36 |
Customize the isAllowedRequest function to restrict what types of requests are allowed
|
|
|
37 |
for this server. The request object has the following properties:
|
|
|
38 |
- requestHeaders: an object with the request headers that are to be added to
|
|
|
39 |
the XHR request.
|
|
|
40 |
- method: the HTTP method (GET, POST, etc...)
|
|
|
41 |
- uri: The URI for the request.
|
|
|
42 |
- data: The URL-encoded data for the request. For a GET request, this would
|
|
|
43 |
be the querystring parameters. For a POST request, it wll be the
|
|
|
44 |
body data.
|
|
|
45 |
|
|
|
46 |
See xip_client.html for more info on the xip fragment identifier protocol.
|
|
|
47 |
-->
|
|
|
48 |
<script type="text/javascript">
|
|
|
49 |
// <!--
|
|
|
50 |
djConfig = {
|
|
|
51 |
parseWidgets: false,
|
|
|
52 |
baseScriptUri: "./"
|
|
|
53 |
}
|
|
|
54 |
// -->
|
|
|
55 |
</script>
|
|
|
56 |
<script type="text/javascript">
|
|
|
57 |
// <!--
|
|
|
58 |
//Core XHR handling taken from Dojo IO code.
|
|
|
59 |
dojo = {};
|
|
|
60 |
dojo.hostenv = {};
|
|
|
61 |
// These are in order of decreasing likelihood; this will change in time.
|
|
|
62 |
dojo.hostenv._XMLHTTP_PROGIDS = ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.4.0'];
|
|
|
63 |
|
|
|
64 |
dojo.hostenv.getXmlhttpObject = function(){
|
|
|
65 |
var http = null;
|
|
|
66 |
var last_e = null;
|
|
|
67 |
try{ http = new XMLHttpRequest(); }catch(e){}
|
|
|
68 |
if(!http){
|
|
|
69 |
for(var i=0; i<3; ++i){
|
|
|
70 |
var progid = dojo.hostenv._XMLHTTP_PROGIDS[i];
|
|
|
71 |
try{
|
|
|
72 |
http = new ActiveXObject(progid);
|
|
|
73 |
}catch(e){
|
|
|
74 |
last_e = e;
|
|
|
75 |
}
|
|
|
76 |
|
|
|
77 |
if(http){
|
|
|
78 |
dojo.hostenv._XMLHTTP_PROGIDS = [progid]; // so faster next time
|
|
|
79 |
break;
|
|
|
80 |
}
|
|
|
81 |
}
|
|
|
82 |
|
|
|
83 |
/*if(http && !http.toString) {
|
|
|
84 |
http.toString = function() { "[object XMLHttpRequest]"; }
|
|
|
85 |
}*/
|
|
|
86 |
}
|
|
|
87 |
|
|
|
88 |
if(!http){
|
|
|
89 |
throw "xip_server.html: XMLHTTP not available: " + last_e;
|
|
|
90 |
}
|
|
|
91 |
|
|
|
92 |
return http;
|
|
|
93 |
}
|
|
|
94 |
|
|
|
95 |
dojo.setHeaders = function(http, headers){
|
|
|
96 |
if(headers) {
|
|
|
97 |
for(var header in headers) {
|
|
|
98 |
var headerValue = headers[header];
|
|
|
99 |
http.setRequestHeader(header, headerValue);
|
|
|
100 |
}
|
|
|
101 |
}
|
|
|
102 |
}
|
|
|
103 |
|
|
|
104 |
//MSIE has the lowest limit for URLs with fragment identifiers,
|
|
|
105 |
//at around 4K. Choosing a slightly smaller number for good measure.
|
|
|
106 |
xipUrlLimit = 4000;
|
|
|
107 |
xipIdCounter = 1;
|
|
|
108 |
|
|
|
109 |
function xipServerInit(){
|
|
|
110 |
xipStateId = "";
|
|
|
111 |
xipCurrentHash = "";
|
|
|
112 |
xipRequestMessage = "";
|
|
|
113 |
xipResponseParts = [];
|
|
|
114 |
xipPartIndex = 0;
|
|
|
115 |
}
|
|
|
116 |
|
|
|
117 |
function pollHash(){
|
|
|
118 |
//Can't use location.hash because at least Firefox does a decodeURIComponent on it.
|
|
|
119 |
var urlParts = window.location.href.split("#");
|
|
|
120 |
if(urlParts.length == 2){
|
|
|
121 |
var newHash = urlParts[1];
|
|
|
122 |
if(newHash != xipCurrentHash){
|
|
|
123 |
try{
|
|
|
124 |
messageReceived(newHash);
|
|
|
125 |
}catch(e){
|
|
|
126 |
//Make sure to not keep processing the error hash value.
|
|
|
127 |
xipCurrentHash = newHash;
|
|
|
128 |
throw e;
|
|
|
129 |
}
|
|
|
130 |
xipCurrentHash = newHash;
|
|
|
131 |
}
|
|
|
132 |
}
|
|
|
133 |
}
|
|
|
134 |
|
|
|
135 |
function messageReceived(encodedData){
|
|
|
136 |
var msg = unpackMessage(encodedData);
|
|
|
137 |
|
|
|
138 |
switch(msg.command){
|
|
|
139 |
case "ok":
|
|
|
140 |
sendResponsePart();
|
|
|
141 |
break;
|
|
|
142 |
case "start":
|
|
|
143 |
xipRequestMessage = "";
|
|
|
144 |
xipRequestMessage += msg.message;
|
|
|
145 |
setClientUrl("ok");
|
|
|
146 |
break;
|
|
|
147 |
case "part":
|
|
|
148 |
xipRequestMessage += msg.message;
|
|
|
149 |
setClientUrl("ok");
|
|
|
150 |
break;
|
|
|
151 |
case "end":
|
|
|
152 |
setClientUrl("ok");
|
|
|
153 |
xipRequestMessage += msg.message;
|
|
|
154 |
sendXhr();
|
|
|
155 |
break;
|
|
|
156 |
}
|
|
|
157 |
}
|
|
|
158 |
|
|
|
159 |
function sendResponse(encodedData){
|
|
|
160 |
//Break the message into parts, if necessary.
|
|
|
161 |
xipResponseParts = [];
|
|
|
162 |
var resData = encodedData;
|
|
|
163 |
var urlLength = xipClientUrl.length;
|
|
|
164 |
var partLength = xipUrlLimit - urlLength;
|
|
|
165 |
var resIndex = 0;
|
|
|
166 |
|
|
|
167 |
while((resData.length - resIndex) + urlLength > xipUrlLimit){
|
|
|
168 |
var part = resData.substring(resIndex, resIndex + partLength);
|
|
|
169 |
//Safari will do some extra hex escaping unless we keep the original hex
|
|
|
170 |
//escaping complete.
|
|
|
171 |
var percentIndex = part.lastIndexOf("%");
|
|
|
172 |
if(percentIndex == part.length - 1 || percentIndex == part.length - 2){
|
|
|
173 |
part = part.substring(0, percentIndex);
|
|
|
174 |
}
|
|
|
175 |
xipResponseParts.push(part);
|
|
|
176 |
resIndex += part.length;
|
|
|
177 |
}
|
|
|
178 |
xipResponseParts.push(resData.substring(resIndex, resData.length));
|
|
|
179 |
|
|
|
180 |
xipPartIndex = 0;
|
|
|
181 |
sendResponsePart();
|
|
|
182 |
}
|
|
|
183 |
|
|
|
184 |
function sendResponsePart(){
|
|
|
185 |
if(xipPartIndex < xipResponseParts.length){
|
|
|
186 |
//Get the message part.
|
|
|
187 |
var partData = xipResponseParts[xipPartIndex];
|
|
|
188 |
|
|
|
189 |
//Get the command.
|
|
|
190 |
var cmd = "part";
|
|
|
191 |
if(xipPartIndex + 1 == xipResponseParts.length){
|
|
|
192 |
cmd = "end";
|
|
|
193 |
}else if (xipPartIndex == 0){
|
|
|
194 |
cmd = "start";
|
|
|
195 |
}
|
|
|
196 |
|
|
|
197 |
setClientUrl(cmd, partData);
|
|
|
198 |
xipPartIndex++;
|
|
|
199 |
}else{
|
|
|
200 |
xipServerInit();
|
|
|
201 |
}
|
|
|
202 |
}
|
|
|
203 |
|
|
|
204 |
function setClientUrl(cmd, message){
|
|
|
205 |
var clientUrl = makeClientUrl(cmd, message);
|
|
|
206 |
//Safari won't let us replace across domains.
|
|
|
207 |
if(navigator.userAgent.indexOf("Safari") == -1){
|
|
|
208 |
parent.location.replace(clientUrl);
|
|
|
209 |
}else{
|
|
|
210 |
parent.location = clientUrl;
|
|
|
211 |
}
|
|
|
212 |
}
|
|
|
213 |
|
|
|
214 |
function makeClientUrl(cmd, message){
|
|
|
215 |
var clientUrl = xipClientUrl + "#" + (xipIdCounter++) + ":" + cmd;
|
|
|
216 |
if(message){
|
|
|
217 |
clientUrl += ":" + message;
|
|
|
218 |
}
|
|
|
219 |
return clientUrl
|
|
|
220 |
}
|
|
|
221 |
|
|
|
222 |
function xhrDone(xhr){
|
|
|
223 |
/* Need to pull off and return the following data:
|
|
|
224 |
- responseHeaders
|
|
|
225 |
- status
|
|
|
226 |
- statusText
|
|
|
227 |
- responseText
|
|
|
228 |
*/
|
|
|
229 |
var response = {};
|
|
|
230 |
|
|
|
231 |
if(typeof(xhr.getAllResponseHeaders) != "undefined"){
|
|
|
232 |
var allHeaders = xhr.getAllResponseHeaders();
|
|
|
233 |
if(allHeaders){
|
|
|
234 |
response.responseHeaders = allHeaders;
|
|
|
235 |
}
|
|
|
236 |
}
|
|
|
237 |
|
|
|
238 |
if(xhr.status == 0 || xhr.status){
|
|
|
239 |
response.status = xhr.status;
|
|
|
240 |
}
|
|
|
241 |
|
|
|
242 |
if(xhr.statusText){
|
|
|
243 |
response.statusText = xhr.statusText;
|
|
|
244 |
}
|
|
|
245 |
|
|
|
246 |
if(xhr.responseText){
|
|
|
247 |
response.responseText = xhr.responseText;
|
|
|
248 |
}
|
|
|
249 |
|
|
|
250 |
//Build a string of the response object.
|
|
|
251 |
var result = "";
|
|
|
252 |
var isFirst = true;
|
|
|
253 |
for (var param in response){
|
|
|
254 |
if(isFirst){
|
|
|
255 |
isFirst = false;
|
|
|
256 |
}else{
|
|
|
257 |
result += "&";
|
|
|
258 |
}
|
|
|
259 |
result += param + "=" + encodeURIComponent(response[param]);
|
|
|
260 |
}
|
|
|
261 |
sendResponse(result);
|
|
|
262 |
}
|
|
|
263 |
|
|
|
264 |
function sendXhr(){
|
|
|
265 |
var request = {};
|
|
|
266 |
var nvPairs = xipRequestMessage.split("&");
|
|
|
267 |
var i = 0;
|
|
|
268 |
var nameValue = null;
|
|
|
269 |
for(i = 0; i < nvPairs.length; i++){
|
|
|
270 |
if(nvPairs[i]){
|
|
|
271 |
var nameValue = nvPairs[i].split("=");
|
|
|
272 |
request[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]);
|
|
|
273 |
}
|
|
|
274 |
}
|
|
|
275 |
|
|
|
276 |
//Split up the request headers, if any.
|
|
|
277 |
var headers = {};
|
|
|
278 |
if(request.requestHeaders){
|
|
|
279 |
nvPairs = request.requestHeaders.split("\r\n");
|
|
|
280 |
for(i = 0; i < nvPairs.length; i++){
|
|
|
281 |
if(nvPairs[i]){
|
|
|
282 |
nameValue = nvPairs[i].split(": ");
|
|
|
283 |
headers[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]);
|
|
|
284 |
}
|
|
|
285 |
}
|
|
|
286 |
|
|
|
287 |
request.requestHeaders = headers;
|
|
|
288 |
}
|
|
|
289 |
|
|
|
290 |
if(isAllowedRequest(request)){
|
|
|
291 |
|
|
|
292 |
//The request is allowed, so set up the XHR object.
|
|
|
293 |
var xhr = dojo.hostenv.getXmlhttpObject();
|
|
|
294 |
|
|
|
295 |
//Start timer to look for readyState.
|
|
|
296 |
var xhrIntervalId = setInterval(function(){
|
|
|
297 |
|
|
|
298 |
if(xhr.readyState == 4){
|
|
|
299 |
clearInterval(xhrIntervalId);
|
|
|
300 |
xhrDone(xhr);
|
|
|
301 |
}
|
|
|
302 |
}, 10);
|
|
|
303 |
|
|
|
304 |
//Actually start up the XHR request.
|
|
|
305 |
xhr.open(request.method, request.uri, true);
|
|
|
306 |
dojo.setHeaders(xhr, request.requestHeaders);
|
|
|
307 |
|
|
|
308 |
var content = "";
|
|
|
309 |
if(request.data){
|
|
|
310 |
content = request.data;
|
|
|
311 |
}
|
|
|
312 |
|
|
|
313 |
try{
|
|
|
314 |
xhr.send(content);
|
|
|
315 |
}catch(e){
|
|
|
316 |
if(typeof xhr.abort == "function"){
|
|
|
317 |
xhr.abort();
|
|
|
318 |
xhrDone({status: 404, statusText: "xip_server.html error: " + e});
|
|
|
319 |
}
|
|
|
320 |
}
|
|
|
321 |
}
|
|
|
322 |
}
|
|
|
323 |
|
|
|
324 |
function unpackMessage(encodedMessage){
|
|
|
325 |
var parts = encodedMessage.split(":");
|
|
|
326 |
var command = parts[1];
|
|
|
327 |
encodedMessage = parts[2] || "";
|
|
|
328 |
|
|
|
329 |
var config = null;
|
|
|
330 |
if(command == "init"){
|
|
|
331 |
var configParts = encodedMessage.split("&");
|
|
|
332 |
config = {};
|
|
|
333 |
for(var i = 0; i < configParts.length; i++){
|
|
|
334 |
var nameValue = configParts[i].split("=");
|
|
|
335 |
config[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]);
|
|
|
336 |
}
|
|
|
337 |
}
|
|
|
338 |
return {command: command, message: encodedMessage, config: config};
|
|
|
339 |
}
|
|
|
340 |
|
|
|
341 |
function onServerLoad(){
|
|
|
342 |
xipServerInit();
|
|
|
343 |
|
|
|
344 |
//Decode the init params
|
|
|
345 |
var config = unpackMessage(window.location.href.split("#")[1]).config;
|
|
|
346 |
|
|
|
347 |
xipStateId = config.id;
|
|
|
348 |
xipClientUrl = config.client;
|
|
|
349 |
xipUseFrameRecursion = config["fr"];
|
|
|
350 |
|
|
|
351 |
setInterval(pollHash, 10);
|
|
|
352 |
|
|
|
353 |
if(xipUseFrameRecursion == "true"){
|
|
|
354 |
var serverUrl = window.location.href.split("#")[0];
|
|
|
355 |
document.getElementById("iframeHolder").innerHTML = '<iframe src="'
|
|
|
356 |
+ makeClientUrl("init", 'id=' + xipStateId + '&server=' + encodeURIComponent(serverUrl)
|
|
|
357 |
+ '&fr=endpoint') + '" name="' + xipStateId + '_clientEndPoint"></iframe>';
|
|
|
358 |
}else{
|
|
|
359 |
setClientUrl("loaded");
|
|
|
360 |
}
|
|
|
361 |
}
|
|
|
362 |
|
|
|
363 |
if(typeof(window.addEventListener) == "undefined"){
|
|
|
364 |
window.attachEvent("onload", onServerLoad);
|
|
|
365 |
}else{
|
|
|
366 |
window.addEventListener('load', onServerLoad, false);
|
|
|
367 |
}
|
|
|
368 |
// -->
|
|
|
369 |
</script>
|
|
|
370 |
</head>
|
|
|
371 |
<body>
|
|
|
372 |
<h4>The Dojo Toolkit -- xip_server.html</h4>
|
|
|
373 |
|
|
|
374 |
<p>This file is used for Dojo's XMLHttpRequest Iframe Proxy. This is the the file
|
|
|
375 |
that should go on the server that will actually be doing the XHR request.</p>
|
|
|
376 |
<div id="iframeHolder"></div>
|
|
|
377 |
</body>
|
|
|
378 |
</html>
|