diff options
Diffstat (limited to 'includes/js/dojox/io/proxy')
-rw-r--r-- | includes/js/dojox/io/proxy/README | 82 | ||||
-rw-r--r-- | includes/js/dojox/io/proxy/tests/frag.xml | 4 | ||||
-rw-r--r-- | includes/js/dojox/io/proxy/tests/xip.html | 62 | ||||
-rw-r--r-- | includes/js/dojox/io/proxy/xip.js | 441 | ||||
-rw-r--r-- | includes/js/dojox/io/proxy/xip_client.html | 102 | ||||
-rw-r--r-- | includes/js/dojox/io/proxy/xip_server.html | 382 |
6 files changed, 1073 insertions, 0 deletions
diff --git a/includes/js/dojox/io/proxy/README b/includes/js/dojox/io/proxy/README new file mode 100644 index 0000000..8898a56 --- /dev/null +++ b/includes/js/dojox/io/proxy/README @@ -0,0 +1,82 @@ +------------------------------------------------------------------------------- +Project Name +------------------------------------------------------------------------------- +Version 0.6 +Release date: 01/31/2008 +------------------------------------------------------------------------------- +Project state: +experimental +------------------------------------------------------------------------------- +Credits + James Burke (jburke@dojotoolkit.org) +------------------------------------------------------------------------------- +Project description + +The XHR IFrame Proxy (xip) allows you to do cross-domain XMLHttpRequests (XHRs). +It works by using two iframes, one your domain (xip_client.html), one on the +other domain (xip_server.html). They use fragment IDs in the iframe URLs to pass +messages to each other. The xip.js file defines dojox.io.proxy.xip. This module +intercepts XHR calls made by the Dojo XHR methods (dojo.xhr* methods). The module +returns a facade object that acts like an XHR object. Once send is called on the +facade, the facade's data is serialized, given to xip_client.html. xip_client.html +then passes the serialized data to xip_server.html by changing xip_server.html's +URL fragment ID (the #xxxx part of an URL). xip_server.html deserializes the +message fragments, and does an XHR call, gets the response, and serializes the +data. The serialized data is then passed back to xip_client.html by changing +xip_client.html's fragment ID. Then the response is deserialized and used as +the response inside the facade XHR object that was created by dojox.io.proxy.xip. +------------------------------------------------------------------------------- +Dependencies: + +xip.js: Dojo Core, dojox.data.dom +xip_client.html: none +xip_server.html: none (but see Additional Notes section) +------------------------------------------------------------------------------- +Documentation + +There is some documentation that applies to the Dojo 0.4.x version of these files: +http://dojotoolkit.org/book/dojo-book-0-4/part-5-connecting-pieces/i-o/cross-domain-xmlhttprequest-using-iframe-proxy + +The general theory still applies to this code, but the specifics are different +for the Dojo 0.9+ codebase. Doc updates hopefully after the basic code is ported. + +The current implementation destroys the iframes used for a request after the request +completes. This seems to cause a memory leak, particularly in IE. So, it is not +suited for doing polling cross-domain requests. +------------------------------------------------------------------------------- +Installation instructions + +Grab the following from the Dojox SVN Repository: +http://svn.dojotoolkit.org/var/src/dojo/dojox/trunk/io/proxy/xip.js +http://svn.dojotoolkit.org/var/src/dojo/dojox/trunk/io/proxy/xip_client.html + +Install into the following directory structure: +/dojox/io/proxy/ + +...which should be at the same level as your Dojo checkout. + +Grab the following from the Dojox SVN Repository: +http://svn.dojotoolkit.org/var/src/dojo/dojox/trunk/io/proxy/xip_server.html + +and install it on the domain that you want to allow receiving cross-domain +requests. Be sure to read the documentation, the Additional Notes below, and +the in-file comments. +------------------------------------------------------------------------------- +Additional Notes + +xip_client.html and xip_server.html do not work right away. You need to uncomment +out the script tags in the files. Additionally, xip_server.html requires a JS file, +isAllowed.js, to be defined. See the notes in xip_server.html for more informaiton. + +XDOMAIN BUILD INSTRUCTIONS: +The dojox.io.proxy module requires some setup to use with an xdomain build. +The xip_client.html file has to be served from the same domain as your web page. +It cannot be served from the domain that has the xdomain build. Download xip_client.html +and install it on your server. Then set djConfig.xipClientUrl to the local path +of xip_client.html (just use a path, not a whole URL, since it will be on the same +domain as the page). The path to the file should be the path relative to the web +page that is using dojox.io.proxy. + + + + diff --git a/includes/js/dojox/io/proxy/tests/frag.xml b/includes/js/dojox/io/proxy/tests/frag.xml new file mode 100644 index 0000000..6904bba --- /dev/null +++ b/includes/js/dojox/io/proxy/tests/frag.xml @@ -0,0 +1,4 @@ +<response> +<foo>This is the foo text node value</foo> +<bar>This is the bar text node value</bar> +</response> diff --git a/includes/js/dojox/io/proxy/tests/xip.html b/includes/js/dojox/io/proxy/tests/xip.html new file mode 100644 index 0000000..5a5ba5f --- /dev/null +++ b/includes/js/dojox/io/proxy/tests/xip.html @@ -0,0 +1,62 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + <title>XHR IFrame Proxy Tests</title> + <style type="text/css"> + @import "../../../../dojo/resources/dojo.css"; + @import "../../../../dijit/themes/tundra/tundra.css"; + @import "../../../../dijit/themes/dijit.css"; + </style> + + <script type="text/javascript" src="../../../../dojo/dojo.js" + djConfig="isDebug:true"></script> + <script type="text/javascript" src="../xip.js"></script> + <script type="text/javascript"> + dojo.require("dojox.io.proxy.xip"); + + function testXmlGet(){ +/* + //Normal xhrGet call. + dojo.xhrGet({ + url: "frag.xml", + handleAs: "xml", + load: function(result, ioArgs){ + var foo = result.getElementsByTagName("foo").item(0); + + dojo.byId("xmlGetOut").innerHTML = "Success: First foobar value is: " + foo.firstChild.nodeValue; + } + }); +*/ + + //xip xhrGet call. + dojo.xhrGet({ + iframeProxyUrl: "../xip_server.html", + url: "tests/frag.xml", + handleAs: "xml", + load: function(result, ioArgs){ + var foo = result.getElementsByTagName("foo").item(0); + + dojo.byId("xmlGetOut").innerHTML = "Success: First foobar value is: " + foo.firstChild.nodeValue; + } + }); + + } + + dojo.addOnLoad(function(){ + + }); + </script> +</head> +<body class="tundra"> + +<h1>XHR IFrame Proxy Tests</h1> +<p>Run this test from a web server, not from local disk.</p> + +<p> +<button onclick="testXmlGet()">Test XML GET</button> +</p> +<div id="xmlGetOut"></div> + +</body> +</html> diff --git a/includes/js/dojox/io/proxy/xip.js b/includes/js/dojox/io/proxy/xip.js new file mode 100644 index 0000000..b88d910 --- /dev/null +++ b/includes/js/dojox/io/proxy/xip.js @@ -0,0 +1,441 @@ +if(!dojo._hasResource["dojox.io.proxy.xip"]){ //_hasResource checks added by build. Do not use _hasResource directly in your code. +dojo._hasResource["dojox.io.proxy.xip"] = true; +dojo.provide("dojox.io.proxy.xip"); + +dojo.require("dojo.io.iframe"); +dojo.require("dojox.data.dom"); + +dojox.io.proxy.xip = { + //summary: Object that implements the iframe handling for XMLHttpRequest + //IFrame Proxying. + //description: Do not use this object directly. See the Dojo Book page + //on XMLHttpRequest IFrame Proxying: + //http://dojotoolkit.org/book/dojo-book-0-4/part-5-connecting-pieces/i-o/cross-domain-xmlhttprequest-using-iframe-proxy + //Usage of XHR IFrame Proxying does not work from local disk in Safari. + + /* + This code is really focused on just sending one complete request to the server, and + receiving one complete response per iframe. The code does not expect to reuse iframes for multiple XHR request/response + sequences. This might be reworked later if performance indicates a need for it. + + xip fragment identifier/hash values have the form: + #id:cmd:realEncodedMessage + + id: some ID that should be unique among message fragments. No inherent meaning, + just something to make sure the hash value is unique so the message + receiver knows a new message is available. + + cmd: command to the receiver. Valid values are: + - init: message used to init the frame. Sent as the first URL when loading + the page. Contains some config parameters. + - loaded: the remote frame is loaded. Only sent from xip_client.html to this module. + - ok: the message that this page sent was received OK. The next message may + now be sent. + - start: the start message of a block of messages (a complete message may + need to be segmented into many messages to get around the limitiations + of the size of an URL that a browser accepts. + - part: indicates this is a part of a message. + - end: the end message of a block of messages. The message can now be acted upon. + If the message is small enough that it doesn't need to be segmented, then + just one hash value message can be sent with "end" as the command. + + To reassemble a segmented message, the realEncodedMessage parts just have to be concatenated + together. + */ + + xipClientUrl: ((dojo.config || djConfig)["xipClientUrl"]) || dojo.moduleUrl("dojox.io.proxy", "xip_client.html"), + + + //MSIE has the lowest limit for URLs with fragment identifiers, + //at around 4K. Choosing a slightly smaller number for good measure. + urlLimit: 4000, + + _callbackName: (dojox._scopeName || "dojox") + ".io.proxy.xip.fragmentReceived", + _state: {}, + _stateIdCounter: 0, + _isWebKit: navigator.userAgent.indexOf("WebKit") != -1, + + + send: function(/*Object*/facade){ + //summary: starts the xdomain request using the provided facade. + //This method first does some init work, then delegates to _realSend. + + var url = this.xipClientUrl; + //Make sure we are not dealing with javascript urls, just to be safe. + if(url.split(":")[0].match(/javascript/i) || facade._ifpServerUrl.split(":")[0].match(/javascript/i)){ + return; + } + + //Make xip_client a full URL. + var colonIndex = url.indexOf(":"); + var slashIndex = url.indexOf("/"); + if(colonIndex == -1 || slashIndex < colonIndex){ + //No colon or we are starting with a / before a colon, so we need to make a full URL. + var loc = window.location.href; + if(slashIndex == 0){ + //Have a full path, just need the domain. + url = loc.substring(0, loc.indexOf("/", 9)) + url; //Using 9 to get past http(s):// + }else{ + url = loc.substring(0, (loc.lastIndexOf("/") + 1)) + url; + } + } + this.fullXipClientUrl = url; + + //Set up an HTML5 messaging listener if postMessage exists. + //As of this writing, this is only useful to get Opera 9.25+ to work. + if(typeof document.postMessage != "undefined"){ + document.addEventListener("message", dojo.hitch(this, this.fragmentReceivedEvent), false); + } + + //Now that we did first time init, always use the realSend method. + this.send = this._realSend; + return this._realSend(facade); //Object + }, + + _realSend: function(facade){ + //summary: starts the actual xdomain request using the provided facade. + var stateId = "XhrIframeProxy" + (this._stateIdCounter++); + facade._stateId = stateId; + + var frameUrl = facade._ifpServerUrl + "#0:init:id=" + stateId + "&client=" + + encodeURIComponent(this.fullXipClientUrl) + "&callback=" + encodeURIComponent(this._callbackName); + + this._state[stateId] = { + facade: facade, + stateId: stateId, + clientFrame: dojo.io.iframe.create(stateId, "", frameUrl), + isSending: false, + serverUrl: facade._ifpServerUrl, + requestData: null, + responseMessage: "", + requestParts: [], + idCounter: 1, + partIndex: 0, + serverWindow: null + }; + + return stateId; //Object + }, + + receive: function(/*String*/stateId, /*String*/urlEncodedData){ + /* urlEncodedData should have the following params: + - responseHeaders + - status + - statusText + - responseText + */ + //Decode response data. + var response = {}; + var nvPairs = urlEncodedData.split("&"); + for(var i = 0; i < nvPairs.length; i++){ + if(nvPairs[i]){ + var nameValue = nvPairs[i].split("="); + response[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]); + } + } + + //Set data on facade object. + var state = this._state[stateId]; + var facade = state.facade; + + facade._setResponseHeaders(response.responseHeaders); + if(response.status == 0 || response.status){ + facade.status = parseInt(response.status, 10); + } + if(response.statusText){ + facade.statusText = response.statusText; + } + if(response.responseText){ + facade.responseText = response.responseText; + + //Fix responseXML. + var contentType = facade.getResponseHeader("Content-Type"); + if(contentType){ + var mimeType = contentType.split(";")[0]; + if(mimeType.indexOf("application/xml") == 0 || mimeType.indexOf("text/xml") == 0){ + facade.responseXML = dojox.data.dom.createDocument(response.responseText, contentType); + } + } + } + facade.readyState = 4; + + this.destroyState(stateId); + }, + + frameLoaded: function(/*String*/stateId){ + var state = this._state[stateId]; + var facade = state.facade; + + var reqHeaders = []; + for(var param in facade._requestHeaders){ + reqHeaders.push(param + ": " + facade._requestHeaders[param]); + } + + var requestData = { + uri: facade._uri + }; + if(reqHeaders.length > 0){ + requestData.requestHeaders = reqHeaders.join("\r\n"); + } + if(facade._method){ + requestData.method = facade._method; + } + if(facade._bodyData){ + requestData.data = facade._bodyData; + } + + this.sendRequest(stateId, dojo.objectToQuery(requestData)); + }, + + destroyState: function(/*String*/stateId){ + var state = this._state[stateId]; + if(state){ + delete this._state[stateId]; + var parentNode = state.clientFrame.parentNode; + parentNode.removeChild(state.clientFrame); + state.clientFrame = null; + state = null; + } + }, + + createFacade: function(){ + if(arguments && arguments[0] && arguments[0].iframeProxyUrl){ + return new dojox.io.proxy.xip.XhrIframeFacade(arguments[0].iframeProxyUrl); + }else{ + return dojox.io.proxy.xip._xhrObjOld.apply(dojo, arguments); + } + }, + + //**** State-bound methods **** + sendRequest: function(stateId, encodedData){ + var state = this._state[stateId]; + if(!state.isSending){ + state.isSending = true; + + state.requestData = encodedData || ""; + + //Get a handle to the server iframe. + state.serverWindow = frames[state.stateId]; + if (!state.serverWindow){ + state.serverWindow = document.getElementById(state.stateId).contentWindow; + } + + //Make sure we have contentWindow, but only do this for non-postMessage + //browsers (right now just opera is postMessage). + if(typeof document.postMessage == "undefined"){ + if(state.serverWindow.contentWindow){ + state.serverWindow = state.serverWindow.contentWindow; + } + } + + this.sendRequestStart(stateId); + } + }, + + sendRequestStart: function(stateId){ + //Break the message into parts, if necessary. + var state = this._state[stateId]; + state.requestParts = []; + var reqData = state.requestData; + var urlLength = state.serverUrl.length; + var partLength = this.urlLimit - urlLength; + var reqIndex = 0; + + while((reqData.length - reqIndex) + urlLength > this.urlLimit){ + var part = reqData.substring(reqIndex, reqIndex + partLength); + //Safari will do some extra hex escaping unless we keep the original hex + //escaping complete. + var percentIndex = part.lastIndexOf("%"); + if(percentIndex == part.length - 1 || percentIndex == part.length - 2){ + part = part.substring(0, percentIndex); + } + state.requestParts.push(part); + reqIndex += part.length; + } + state.requestParts.push(reqData.substring(reqIndex, reqData.length)); + + state.partIndex = 0; + this.sendRequestPart(stateId); + + }, + + sendRequestPart: function(stateId){ + var state = this._state[stateId]; + + if(state.partIndex < state.requestParts.length){ + //Get the message part. + var partData = state.requestParts[state.partIndex]; + + //Get the command. + var cmd = "part"; + if(state.partIndex + 1 == state.requestParts.length){ + cmd = "end"; + }else if (state.partIndex == 0){ + cmd = "start"; + } + + this.setServerUrl(stateId, cmd, partData); + state.partIndex++; + } + }, + + setServerUrl: function(stateId, cmd, message){ + var serverUrl = this.makeServerUrl(stateId, cmd, message); + var state = this._state[stateId]; + + //Safari won't let us replace across domains. + if(this._isWebKit){ + state.serverWindow.location = serverUrl; + }else{ + state.serverWindow.location.replace(serverUrl); + } + }, + + makeServerUrl: function(stateId, cmd, message){ + var state = this._state[stateId]; + var serverUrl = state.serverUrl + "#" + (state.idCounter++) + ":" + cmd; + if(message){ + serverUrl += ":" + message; + } + return serverUrl; + }, + + fragmentReceivedEvent: function(evt){ + //summary: HTML5 document messaging endpoint. Unpack the event to see + //if we want to use it. + if(evt.uri.split("#")[0] == this.fullXipClientUrl){ + this.fragmentReceived(evt.data); + } + }, + + fragmentReceived: function(frag){ + var index = frag.indexOf("#"); + var stateId = frag.substring(0, index); + var encodedData = frag.substring(index + 1, frag.length); + + var msg = this.unpackMessage(encodedData); + var state = this._state[stateId]; + + switch(msg.command){ + case "loaded": + this.frameLoaded(stateId); + break; + case "ok": + this.sendRequestPart(stateId); + break; + case "start": + state.responseMessage = "" + msg.message; + this.setServerUrl(stateId, "ok"); + break; + case "part": + state.responseMessage += msg.message; + this.setServerUrl(stateId, "ok"); + break; + case "end": + this.setServerUrl(stateId, "ok"); + state.responseMessage += msg.message; + this.receive(stateId, state.responseMessage); + break; + } + }, + + unpackMessage: function(encodedMessage){ + var parts = encodedMessage.split(":"); + var command = parts[1]; + encodedMessage = parts[2] || ""; + + var config = null; + if(command == "init"){ + var configParts = encodedMessage.split("&"); + config = {}; + for(var i = 0; i < configParts.length; i++){ + var nameValue = configParts[i].split("="); + config[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]); + } + } + return {command: command, message: encodedMessage, config: config}; + } +} + +//Replace the normal XHR factory with the proxy one. +dojox.io.proxy.xip._xhrObjOld = dojo._xhrObj; +dojo._xhrObj = dojox.io.proxy.xip.createFacade; + +/** + Using this a reference: http://www.w3.org/TR/XMLHttpRequest/ + + Does not implement the onreadystate callback since dojo.xhr* does + not use it. +*/ +dojox.io.proxy.xip.XhrIframeFacade = function(ifpServerUrl){ + //summary: XMLHttpRequest facade object used by dojox.io.proxy.xip. + + //description: Do not use this object directly. See the Dojo Book page + //on XMLHttpRequest IFrame Proxying: + //http://dojotoolkit.org/book/dojo-book-0-4/part-5-connecting-pieces/i-o/cross-domain-xmlhttprequest-using-iframe-proxy + this._requestHeaders = {}; + this._allResponseHeaders = null; + this._responseHeaders = {}; + this._method = null; + this._uri = null; + this._bodyData = null; + this.responseText = null; + this.responseXML = null; + this.status = null; + this.statusText = null; + this.readyState = 0; + + this._ifpServerUrl = ifpServerUrl; + this._stateId = null; +} + +dojo.extend(dojox.io.proxy.xip.XhrIframeFacade, { + //The open method does not properly reset since Dojo does not reuse XHR objects. + open: function(/*String*/method, /*String*/uri){ + this._method = method; + this._uri = uri; + + this.readyState = 1; + }, + + setRequestHeader: function(/*String*/header, /*String*/value){ + this._requestHeaders[header] = value; + }, + + send: function(/*String*/stringData){ + this._bodyData = stringData; + + this._stateId = dojox.io.proxy.xip.send(this); + + this.readyState = 2; + }, + abort: function(){ + dojox.io.proxy.xip.destroyState(this._stateId); + }, + + getAllResponseHeaders: function(){ + return this._allResponseHeaders; //String + }, + + getResponseHeader: function(/*String*/header){ + return this._responseHeaders[header]; //String + }, + + _setResponseHeaders: function(/*String*/allHeaders){ + if(allHeaders){ + this._allResponseHeaders = allHeaders; + + //Make sure ther are now CR characters in the headers. + allHeaders = allHeaders.replace(/\r/g, ""); + var nvPairs = allHeaders.split("\n"); + for(var i = 0; i < nvPairs.length; i++){ + if(nvPairs[i]){ + var nameValue = nvPairs[i].split(": "); + this._responseHeaders[nameValue[0]] = nameValue[1]; + } + } + } + } +}); + +} diff --git a/includes/js/dojox/io/proxy/xip_client.html b/includes/js/dojox/io/proxy/xip_client.html new file mode 100644 index 0000000..c51a839 --- /dev/null +++ b/includes/js/dojox/io/proxy/xip_client.html @@ -0,0 +1,102 @@ +<!-- + /* + Copyright (c) 2004-2008, The Dojo Foundation + All Rights Reserved. + + Licensed under the Academic Free License version 2.1 or above OR the + modified BSD license. For more information on Dojo licensing, see: + + http://dojotoolkit.org/community/licensing.shtml + */ +--> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> + <title></title> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> + <!-- Security protection: uncomment the start and end script tags to enable. --> + <!-- script type="text/javascript" --> + // <!-- + + function pollHash(){ + //Can't use location.hash because at least Firefox does a decodeURIComponent on it. + var urlParts = window.location.href.split("#"); + if(urlParts.length == 2){ + var newHash = urlParts[1]; + if(newHash != xipCurrentHash){ + try{ + callMaster(xipStateId, newHash); + }catch(e){ + //Make sure to not keep processing the error hash value. + xipCurrentHash = newHash; + throw e; + } + xipCurrentHash = newHash; + } + } + } + + function unpackMessage(encodedMessage){ + var parts = encodedMessage.split(":"); + var command = parts[1]; + encodedMessage = parts[2] || ""; + + var config = null; + if(command == "init"){ + var configParts = encodedMessage.split("&"); + config = {}; + for(var i = 0; i < configParts.length; i++){ + var nameValue = configParts[i].split("="); + config[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]); + } + } + return {command: command, message: encodedMessage, config: config}; + } + + //************** Init ************************** + xipCurrentHash = ""; + + //Decode the init params + var fragId = window.location.href.split("#")[1]; + var config = unpackMessage(fragId).config; + + xipStateId = config.id; + xipMasterFrame = parent.parent; + + //Set up an HTML5 messaging publisher if postMessage exists. + //As of this writing, this is only useful to get Opera 9.25+ to work. + if(typeof document.postMessage != "undefined"){ + callMaster = function(stateId, message){ + xipMasterFrame.document.postMessage(stateId + "#" + message); + } + }else{ + var parts = config.callback.split("."); + xipCallbackObject = xipMasterFrame; + for(var i = 0; i < parts.length - 1; i++){ + xipCallbackObject = xipCallbackObject[parts[i]]; + } + xipCallback = parts[parts.length - 1]; + + callMaster = function(stateId, message){ + xipCallbackObject[xipCallback](stateId + "#" + message); + } + } + + //Call the master frame to let it know it is OK to start sending. + callMaster(xipStateId, "0:loaded"); + + //Start counter to inspect hash value. + setInterval(pollHash, 10); + + // --> + <!-- </script> --> +</head> +<body> + <h4>The Dojo Toolkit -- xip_client.html</h4> + + <p>This file is used for Dojo's XMLHttpRequest Iframe Proxy. This is the "client" file used + internally by dojox.io.proxy.xip.</p> +</body> +</html> diff --git a/includes/js/dojox/io/proxy/xip_server.html b/includes/js/dojox/io/proxy/xip_server.html new file mode 100644 index 0000000..01b7274 --- /dev/null +++ b/includes/js/dojox/io/proxy/xip_server.html @@ -0,0 +1,382 @@ +<!-- + /* + Copyright (c) 2004-2008, The Dojo Foundation + All Rights Reserved. + + Licensed under the Academic Free License version 2.1 or above OR the + modified BSD license. For more information on Dojo licensing, see: + + http://dojotoolkit.org/community/licensing.shtml + */ + Pieces taken from Dojo source to make this file stand-alone +--> +<html> +<head> + <title></title> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> + <script type="text/javascript" src="isAllowed.js"></script> + <!-- + BY DEFAULT THIS FILE DOES NOT WORK SO THAT YOU DON'T ACCIDENTALLY EXPOSE + ALL OF YOUR XHR-ENABLED SERVICES ON YOUR SITE. + + In order for this file to work, you need to uncomment the start and end script tags, + and you should define a function with the following signature: + + function isAllowedRequest(request){ + return false; + } + + Return true out of the function if you want to allow the cross-domain request. + + DON'T DEFINE THIS FUNCTION IN THIS FILE! Define it in a separate file called isAllowed.js + and include it in this page with a script tag that has a src attribute pointing to the file. + See the very first script tag in this file for an example. You do not have to place the + script file in the same directory as this file, just update the path above if you move it + somewhere else. + + Customize the isAllowedRequest function to restrict what types of requests are allowed + for this server. The request object has the following properties: + - requestHeaders: an object with the request headers that are to be added to + the XHR request. + - method: the HTTP method (GET, POST, etc...) + - uri: The URI for the request. + - data: The URL-encoded data for the request. For a GET request, this would + be the querystring parameters. For a POST request, it wll be the + body data. + + See xip_client.html for more info on the xip fragment identifier protocol. + --> + + <!-- Security protection: uncomment the script tag to enable. --> + <!-- script type="text/javascript" --> + // <!-- + //Core XHR handling taken from Dojo IO code. + dojo = {}; + dojo.hostenv = {}; + // These are in order of decreasing likelihood; this will change in time. + dojo.hostenv._XMLHTTP_PROGIDS = ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.4.0']; + + dojo.hostenv.getXmlhttpObject = function(){ + var http = null; + var last_e = null; + try{ http = new XMLHttpRequest(); }catch(e){} + if(!http){ + for(var i=0; i<3; ++i){ + var progid = dojo.hostenv._XMLHTTP_PROGIDS[i]; + try{ + http = new ActiveXObject(progid); + }catch(e){ + last_e = e; + } + + if(http){ + dojo.hostenv._XMLHTTP_PROGIDS = [progid]; // so faster next time + break; + } + } + + /*if(http && !http.toString) { + http.toString = function() { "[object XMLHttpRequest]"; } + }*/ + } + + if(!http){ + throw "xip_server.html: XMLHTTP not available: " + last_e; + } + + return http; + } + + dojo.setHeaders = function(http, headers){ + if(headers) { + for(var header in headers) { + var headerValue = headers[header]; + http.setRequestHeader(header, headerValue); + } + } + } + + //MSIE has the lowest limit for URLs with fragment identifiers, + //at around 4K. Choosing a slightly smaller number for good measure. + xipUrlLimit = 4000; + xipIdCounter = 1; + + function xipServerInit(){ + xipStateId = ""; + xipCurrentHash = ""; + xipRequestMessage = ""; + xipResponseParts = []; + xipPartIndex = 0; + } + + function pollHash(){ + //Can't use location.hash because at least Firefox does a decodeURIComponent on it. + var urlParts = window.location.href.split("#"); + if(urlParts.length == 2){ + var newHash = urlParts[1]; + if(newHash != xipCurrentHash){ + try{ + messageReceived(newHash); + }catch(e){ + //Make sure to not keep processing the error hash value. + xipCurrentHash = newHash; + throw e; + } + xipCurrentHash = newHash; + } + } + } + + function messageReceived(encodedData){ + var msg = unpackMessage(encodedData); + + switch(msg.command){ + case "ok": + sendResponsePart(); + break; + case "start": + xipRequestMessage = ""; + xipRequestMessage += msg.message; + setClientUrl("ok"); + break; + case "part": + xipRequestMessage += msg.message; + setClientUrl("ok"); + break; + case "end": + setClientUrl("ok"); + xipRequestMessage += msg.message; + sendXhr(); + break; + } + } + + function sendResponse(encodedData){ + //Break the message into parts, if necessary. + xipResponseParts = []; + var resData = encodedData; + var urlLength = xipClientUrl.length; + var partLength = xipUrlLimit - urlLength; + var resIndex = 0; + + while((resData.length - resIndex) + urlLength > xipUrlLimit){ + var part = resData.substring(resIndex, resIndex + partLength); + //Safari will do some extra hex escaping unless we keep the original hex + //escaping complete. + var percentIndex = part.lastIndexOf("%"); + if(percentIndex == part.length - 1 || percentIndex == part.length - 2){ + part = part.substring(0, percentIndex); + } + xipResponseParts.push(part); + resIndex += part.length; + } + xipResponseParts.push(resData.substring(resIndex, resData.length)); + + xipPartIndex = 0; + sendResponsePart(); + } + + function sendResponsePart(){ + if(xipPartIndex < xipResponseParts.length){ + //Get the message part. + var partData = xipResponseParts[xipPartIndex]; + + //Get the command. + var cmd = "part"; + if(xipPartIndex + 1 == xipResponseParts.length){ + cmd = "end"; + }else if (xipPartIndex == 0){ + cmd = "start"; + } + + setClientUrl(cmd, partData); + xipPartIndex++; + }else{ + xipServerInit(); + } + } + + function setClientUrl(cmd, message){ + var clientUrl = makeClientUrl(cmd, message); + //Safari won't let us replace across domains. + if(navigator.userAgent.indexOf("Safari") == -1){ + xipClientWindow.location.replace(clientUrl); + }else{ + xipClientWindow.location = clientUrl; + } + } + + function makeClientUrl(cmd, message){ + var clientUrl = xipClientUrl + "#" + (xipIdCounter++) + ":" + cmd; + if(message){ + clientUrl += ":" + message; + } + return clientUrl + } + + function xhrDone(xhr){ + /* Need to pull off and return the following data: + - responseHeaders + - status + - statusText + - responseText + */ + var response = {}; + + if(typeof(xhr.getAllResponseHeaders) != "undefined"){ + var allHeaders = xhr.getAllResponseHeaders(); + if(allHeaders){ + response.responseHeaders = allHeaders; + } + } + + if(xhr.status == 0 || xhr.status){ + response.status = xhr.status; + } + + if(xhr.statusText){ + response.statusText = xhr.statusText; + } + + if(xhr.responseText){ + response.responseText = xhr.responseText; + } + + //Build a string of the response object. + var result = ""; + var isFirst = true; + for (var param in response){ + if(isFirst){ + isFirst = false; + }else{ + result += "&"; + } + result += param + "=" + encodeURIComponent(response[param]); + } + sendResponse(result); + } + + function sendXhr(){ + var request = {}; + var nvPairs = xipRequestMessage.split("&"); + var i = 0; + var nameValue = null; + for(i = 0; i < nvPairs.length; i++){ + if(nvPairs[i]){ + var nameValue = nvPairs[i].split("="); + request[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]); + } + } + + //Split up the request headers, if any. + var headers = {}; + if(request.requestHeaders){ + nvPairs = request.requestHeaders.split("\r\n"); + for(i = 0; i < nvPairs.length; i++){ + if(nvPairs[i]){ + nameValue = nvPairs[i].split(": "); + headers[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]); + } + } + + request.requestHeaders = headers; + } + + if(isAllowedRequest(request)){ + + //The request is allowed, so set up the XHR object. + var xhr = dojo.hostenv.getXmlhttpObject(); + + //Start timer to look for readyState. + var xhrIntervalId = setInterval(function(){ + + if(xhr.readyState == 4){ + clearInterval(xhrIntervalId); + xhrDone(xhr); + } + }, 10); + + //Actually start up the XHR request. + xhr.open(request.method, request.uri, true); + dojo.setHeaders(xhr, request.requestHeaders); + + var content = ""; + if(request.data){ + content = request.data; + } + + try{ + xhr.send(content); + }catch(e){ + if(typeof xhr.abort == "function"){ + xhr.abort(); + xhrDone({status: 404, statusText: "xip_server.html error: " + e}); + } + } + } + } + + function unpackMessage(encodedMessage){ + var parts = encodedMessage.split(":"); + var command = parts[1]; + encodedMessage = parts[2] || ""; + + var config = null; + if(command == "init"){ + var configParts = encodedMessage.split("&"); + config = {}; + for(var i = 0; i < configParts.length; i++){ + var nameValue = configParts[i].split("="); + config[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]); + } + } + return {command: command, message: encodedMessage, config: config}; + } + + function onServerLoad(){ + xipServerInit(); + + //Decode the init params + var config = unpackMessage(window.location.href.split("#")[1]).config; + + xipStateId = config.id; + xipClientUrl = config.client; + + //Make sure we don't have a javascript: url, just for good measure. + if(xipClientUrl.split(":")[0].match(/javascript/i)){ + throw "Invalid client URL"; + } + if(!xipStateId.match(/^XhrIframeProxy[0-9]+$/)){ + throw "Invalid state ID"; + } + + setInterval(pollHash, 10); + + var serverUrl = window.location.href.split("#")[0]; + document.getElementById("iframeHolder").innerHTML = '<iframe name="' + + xipStateId + '_clientEndPoint' + + '" src="javascript:false">' + + '</iframe>'; + xipClientWindow = document.getElementsByTagName("iframe")[0]; + xipClientWindow.src = makeClientUrl("init", 'id=' + xipStateId + "&callback=" + encodeURIComponent(config.callback)); + if(xipClientWindow.contentWindow){ + xipClientWindow = xipClientWindow.contentWindow; + } + } + + if(typeof(window.addEventListener) == "undefined"){ + window.attachEvent("onload", onServerLoad); + }else{ + window.addEventListener('load', onServerLoad, false); + } + // --> + <!-- </script> --> +</head> +<body> + <h4>The Dojo Toolkit -- xip_server.html</h4> + + <p>This file is used for Dojo's XMLHttpRequest Iframe Proxy. This is the the file + that should go on the server that will actually be doing the XHR request.</p> + <div id="iframeHolder"></div> +</body> +</html> |