Subversion Repositories Applications.papyrus

Rev

Rev 1318 | Show entire file | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed

Rev 1318 Rev 1422
Line 17... Line 17...
17
	<script type="text/javascript" src="isAllowed.js"></script>
17
	<script type="text/javascript" src="isAllowed.js"></script>
18
	<!--
18
	<!--
19
	BY DEFAULT THIS FILE DOES NOT WORK SO THAT YOU DON'T ACCIDENTALLY EXPOSE
19
	BY DEFAULT THIS FILE DOES NOT WORK SO THAT YOU DON'T ACCIDENTALLY EXPOSE
20
	ALL OF YOUR XHR-ENABLED SERVICES ON YOUR SITE. 
20
	ALL OF YOUR XHR-ENABLED SERVICES ON YOUR SITE. 
Line -... Line 21...
-
 
21
	
21
	
22
	In order for this file to work, you need to uncomment the script element,
Line 22... Line 23...
22
	In order for this file to work, you should define a function with the following signature:
23
	and you should define a function with the following signature:
23
	
24
	
24
	function isAllowedRequest(request){
25
	function isAllowedRequest(request){
Line 43... Line 44...
43
	        be the querystring parameters. For a POST request, it wll be the
44
	        be the querystring parameters. For a POST request, it wll be the
44
	        body data.
45
	        body data.
Line 45... Line 46...
45
	        
46
	        
46
	See xip_client.html for more info on the xip fragment identifier protocol.	
47
	See xip_client.html for more info on the xip fragment identifier protocol.	
47
	-->
-
 
48
	<script type="text/javascript">
-
 
49
	// <!--
-
 
50
	djConfig = {
-
 
51
		parseWidgets: false,
-
 
52
		baseScriptUri: "./"
48
	-->
53
	}
-
 
54
	// -->
49
	
55
	</script>
50
	<!-- Security protection: uncomment the script tag to enable. -->
56
	<script type="text/javascript">
51
	<!-- script type="text/javascript" -->
57
	// <!--
52
	// <!--
58
		//Core XHR handling taken from Dojo IO code.
53
		//Core XHR handling taken from Dojo IO code.
59
		dojo = {};
54
		dojo = {};
60
		dojo.hostenv = {};
55
		dojo.hostenv = {};
Line 344... Line 339...
344
		//Decode the init params
339
		//Decode the init params
345
		var config = unpackMessage(window.location.href.split("#")[1]).config;
340
		var config = unpackMessage(window.location.href.split("#")[1]).config;
Line 346... Line 341...
346
 
341
 
347
		xipStateId = config.id;
342
		xipStateId = config.id;
-
 
343
		xipClientUrl = config.client;
-
 
344
		
-
 
345
		//Make sure we don't have a javascript: url, just for good measure.
-
 
346
		if(xipClientUrl.split(":")[0].match(/javascript/i)){
-
 
347
			throw "Invalid client URL";
-
 
348
		}
-
 
349
		if(!xipStateId.match(/^XhrIframeProxy[0-9]+$/)){
-
 
350
			throw "Invalid state ID";
-
 
351
		}
348
		xipClientUrl = config.client;
352
 
Line 349... Line 353...
349
		xipUseFrameRecursion = config["fr"];
353
		xipUseFrameRecursion = config["fr"];
Line 350... Line 354...
350
 
354
 
351
		setInterval(pollHash, 10);
355
		setInterval(pollHash, 10);
352
		
356
		
-
 
357
		if(xipUseFrameRecursion == "true"){
-
 
358
			var serverUrl = window.location.href.split("#")[0];
-
 
359
			document.getElementById("iframeHolder").innerHTML = '<iframe name="'
-
 
360
				+ xipStateId + '_clientEndPoint'
353
		if(xipUseFrameRecursion == "true"){
361
				+ '" src="javascript:false">'
354
			var serverUrl = window.location.href.split("#")[0];
362
				+ '</iframe>';
355
			document.getElementById("iframeHolder").innerHTML = '<iframe src="'
363
			var iframeNode = document.getElementsByTagName("iframe")[0];
356
				+ makeClientUrl("init", 'id=' + xipStateId + '&server=' + encodeURIComponent(serverUrl)
364
			iframeNode.src = makeClientUrl("init", 'id=' + xipStateId + '&server='
357
				+ '&fr=endpoint') + '" name="' + xipStateId + '_clientEndPoint"></iframe>';
365
				+ encodeURIComponent(serverUrl) + '&fr=endpoint');
358
		}else{
366
		}else{