I'm trying to implement a cross domain solution for my rails app. I want people to be able to fill out a form on their site and the data will be passed back to my site through ajax, and their site gets updated. I'm looking for the best way to implement this. I would like to use a JSON approach like yahoo does, but i'm not sure if it will work. Though the form is pretty small (3 fields), one of them is a text field. With the JSON approach, i would probably have to escape the whole text field and pass the values in the url like : http://myrailsapp.com/controller/field_1_value/esc... Will this limit the amount of data that i can allow for the text field? Is there a better way to do cross domain ajax? I want to just let users include one or two scripts on their page and leave it at that. Thanks in advance.
on 2006-03-04 08:01
on 2006-03-04 18:15
On 3/3/06, Manish Shah <firstname.lastname@example.org> wrote: > I'm trying to implement a cross domain solution for my rails app. AFAIK, you can't. Browsers won't allow it, as that would leave users open to a major security hole. -- Regards, John Wilger http://johnwilger.com ----------- Alice came to a fork in the road. "Which road do I take?" she asked. "Where do you want to go?" responded the Cheshire cat. "I don't know," Alice answered. "Then," said the cat, "it doesn't matter." - Lewis Carrol, Alice in Wonderland
on 2006-03-04 19:55
So, maybe this reveals too much about me, but I read your message too quickly, and thought that "myrailsapp.com" was a "click here to see what I'm talking about" kind of link, instead of a "you know, this kind of URL". Except, it turns out that there *is* a "www.myrailsapp.com". Weird.
on 2006-03-04 20:19
on 2006-03-05 06:13
John is absolutely right. XMLHttpRequest calls can only be made within the domain. that's a restriction in the implementation and there's nothing you can do to go around that directly. however, if i understand your intentions correctly, you can always make an ajax call to the controller and have the controller do the talking to the other domain and have it report back to your ajax call, no? sebastian
on 2006-03-05 06:25
on 2006-03-05 08:19
on 2006-03-05 08:28
Have you used this with ruby on rails? I'm wondering if i shoul try to make this work with Action Web Services or just use http://myapp.com/controller/all/the/escaped/variables And define a route to an action that will split the url into @params. Will this work? I know this is limited by the maximum size of a url (2048 i believe), but thats a lot of room for what i'm trying to do. Have you checked out this class? http://www.json.org/json.js The yahoo page says it checks for valid json structure and could help with error checking.
on 2006-03-05 08:47
On 3/4/06, Manish Shah <email@example.com> wrote: > Have you used this with ruby on rails? I'm wondering if i shoul try to make > this work with Action Web Services or just use Yes, I'm doing it on Rails, but I don't think it really matters. It's just a bunch of custom JS to put on the client side first, but after that, the rest is normal rails. I'm not using edge rails, but I suspect you could use RJS and convert it to JSON for digestion pretty easily. > > http://myapp.com/controller/all/the/escaped/variables > > And define a route to an action that will split the url into @params. Will > this work? I know this is limited by the maximum size of a url (2048 i > believe), but thats a lot of room for what i'm trying to do. No reason to overwork the routing. You can pass parameters as part of the query string as well. > > Have you checked out this class? > > http://www.json.org/json.js > > The yahoo page says it checks for valid json structure and could help with > error checking. Validating JSON wasn't the problem. The trick is that the script tags are evaluated right away. If the JS is invalid, the browser will abort evaluation of the script. By using eval(), you can defer the evaluation until you're ready. But I dislike eval(), so I've made a compromise -- I send back an anonymous function as part of the remote script. As long as there are no syntax errors, the JS will evaluate correctly, and I can wrap the function (passed as an argument) with a try..catch block.
on 2006-03-05 10:05
this might be a stupid question, but how do i access the query string? if my url looks like: http://myapp.com/controller/action?var1=foo&var2=b... where does the stuff after the '?' go and how do i access it?
on 2006-03-05 10:14
It ends up in the @params instance variable.
on 2006-03-21 05:39
on 2006-03-21 18:57
That approach works if the user's browser is pointing at a domain that you have control over. But in this scenario, unless I've interpreted it wrong, the user's browser is pointing at another site/domain that is including the content (maybe via JS like the way that a lot of advertisers do it). In this situation, he won't be able to issue the AJAX request because it would be cross-domain. Although, one wonders -- why not just use an iframe in this situation?