You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by Chris Chabot <ch...@xs4all.nl> on 2008/07/11 15:04:26 UTC

Re: cross-domain problem

Hi Vasek,

Could you please always direct shindig related questions to the shindig-dev@incubator.apache.org 
  list? I always read every email there, and there's a lot of other  
smart people there that can help out with shindig questions too that  
might be able to offer more insightful comments then me :)

Open Social uses XHR requests from the gadgets to the social backend,  
so the iframe domain in which the gadget is rendered and the social  
data back-end should be on the same domain, otherwise the same-origin/ 
cross-domain policy of the browser will block your XHR requests... and  
that kind of ruins the social gadget experience :)

However your container (your social website) -should- be on another  
domain .. that's the basis of the security model, so no problem if you  
want to put that on a different domain at all :)

If you'd -REALLY- want to put the social data and the gadgets on  
different domains, there are some 'hacks' to try to make this work  
with XHR, see:
http://www.mellowmorning.com/2007/10/25/introducing-a-cross-site-ajax-plugin-for-prototype/
for instance for a prototype type solution, the same type of solution  
you could try to build into the XHR gadgets.io code too i guess ...  
but there's no guarantee's it will always keep working so your getting  
your self into a pile of work then :)

It would probably be easier to use the vanilla shindig social data  
interfaces, and if you have the data source on another server,  
implement a xml-rpc / soap / any other kind of RPC mechanism in the  
data service classes that talks to your real data service. That way  
it's less code, no code maintenance nightmare's and no possible  
security risks.

	-- Chris

On Jul 11, 2008, at 2:55 PM, Vaclav Tolar wrote:

> Hi Chris,
>
> You would be very kind if you help me with my problem with Shindig.
>
> I am working on solution which will be based on Shindig OpenSocial  
> container. We will use gadget server of shindig, but open social  
> container (from shindig) we have to move to another place in  
> different domain. So I need to change OpenSocial JavaScript API  
> (opensocial.js, ...) to  work also cross domain.  Could you outline  
> you thougts of potential solutions.
>
> Many thanks,
> Vasek Tolar