You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Vassilis Virvilis <v....@biovista.com> on 2008/05/28 16:00:56 UTC
soapclient.js, cross site scripting and php proxy
Hi everybody,
As everybody knows cross site scripting calls (from javascript) are dissallowed by the browser.
If you absolutely want to call a webservice in a machine different from your web server you will need a php proxy that will reside into the same machine with the javascript script and it will be a proxy for your remote ws provider.
I wrote such a solution starting from http://developer.yahoo.com/javascript/howto-proxy.html and adding session management and cleaning up the code to properly support POST, session, https.
Here is the code in case somebody is interested...
In order to make it work you have to make your javascript to point to wsproxy.php and
the variable
$url = "http://remote.host.org/webservice/path/endpoint"
inside the wsproxy.php to point where you feel like
https is supported be turning off the SSL verification. If that matters for you don't forget to enable the SSL verification.
Vassilis
Re: soapclient.js, cross site scripting and php proxy
Posted by Benson Margulies <bi...@gmail.com>.
I intentionally left this out of the CXF javascript client, since the means
for enabling cross-scripting is very browser-specific. So I endorse the
proxy trick.
On Wed, May 28, 2008 at 10:00 AM, Vassilis Virvilis <v....@biovista.com>
wrote:
> Hi everybody,
>
> As everybody knows cross site scripting calls (from javascript) are
> dissallowed by the browser.
>
> If you absolutely want to call a webservice in a machine different from
> your web server you will need a php proxy that will reside into the same
> machine with the javascript script and it will be a proxy for your remote ws
> provider.
>
> I wrote such a solution starting from
> http://developer.yahoo.com/javascript/howto-proxy.html and adding session
> management and cleaning up the code to properly support POST, session,
> https.
>
> Here is the code in case somebody is interested...
>
> In order to make it work you have to make your javascript to point to
> wsproxy.php and
> the variable
> $url = "http://remote.host.org/webservice/path/endpoint"
> inside the wsproxy.php to point where you feel like
>
> https is supported be turning off the SSL verification. If that matters for
> you don't forget to enable the SSL verification.
>
> Vassilis
>