You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Chris Chabot <ch...@xs4all.nl> on 2008/07/11 15:04:26 UTC
Re: cross-domain problem
Hi Vasek,
Could you please always direct shindig related questions to the shindig-dev@incubator.apache.org
list? I always read every email there, and there's a lot of other
smart people there that can help out with shindig questions too that
might be able to offer more insightful comments then me :)
Open Social uses XHR requests from the gadgets to the social backend,
so the iframe domain in which the gadget is rendered and the social
data back-end should be on the same domain, otherwise the same-origin/
cross-domain policy of the browser will block your XHR requests... and
that kind of ruins the social gadget experience :)
However your container (your social website) -should- be on another
domain .. that's the basis of the security model, so no problem if you
want to put that on a different domain at all :)
If you'd -REALLY- want to put the social data and the gadgets on
different domains, there are some 'hacks' to try to make this work
with XHR, see:
http://www.mellowmorning.com/2007/10/25/introducing-a-cross-site-ajax-plugin-for-prototype/
for instance for a prototype type solution, the same type of solution
you could try to build into the XHR gadgets.io code too i guess ...
but there's no guarantee's it will always keep working so your getting
your self into a pile of work then :)
It would probably be easier to use the vanilla shindig social data
interfaces, and if you have the data source on another server,
implement a xml-rpc / soap / any other kind of RPC mechanism in the
data service classes that talks to your real data service. That way
it's less code, no code maintenance nightmare's and no possible
security risks.
-- Chris
On Jul 11, 2008, at 2:55 PM, Vaclav Tolar wrote:
> Hi Chris,
>
> You would be very kind if you help me with my problem with Shindig.
>
> I am working on solution which will be based on Shindig OpenSocial
> container. We will use gadget server of shindig, but open social
> container (from shindig) we have to move to another place in
> different domain. So I need to change OpenSocial JavaScript API
> (opensocial.js, ...) to work also cross domain. Could you outline
> you thougts of potential solutions.
>
> Many thanks,
> Vasek Tolar