123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386 |
- <!--
- /*
- Copyright (c) 2004-2006, The Dojo Foundation
- All Rights Reserved.
-
- Licensed under the Academic Free License version 2.1 or above OR the
- modified BSD license. For more information on Dojo licensing, see:
-
- http://dojotoolkit.org/community/licensing.shtml
- */
- Pieces taken from Dojo source to make this file stand-alone
- -->
- <html>
- <head>
- <title></title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
- <script type="text/javascript" src="isAllowed.js"></script>
- <!--
- BY DEFAULT THIS FILE DOES NOT WORK SO THAT YOU DON'T ACCIDENTALLY EXPOSE
- ALL OF YOUR XHR-ENABLED SERVICES ON YOUR SITE.
-
- In order for this file to work, you need to uncomment the start and end script tags,
- and you should define a function with the following signature:
-
- function isAllowedRequest(request){
- return false;
- }
-
- Return true out of the function if you want to allow the cross-domain request.
-
- DON'T DEFINE THIS FUNCTION IN THIS FILE! Define it in a separate file called isAllowed.js
- and include it in this page with a script tag that has a src attribute pointing to the file.
- See the very first script tag in this file for an example. You do not have to place the
- script file in the same directory as this file, just update the path above if you move it
- somewhere else.
-
- Customize the isAllowedRequest function to restrict what types of requests are allowed
- for this server. The request object has the following properties:
- - requestHeaders: an object with the request headers that are to be added to
- the XHR request.
- - method: the HTTP method (GET, POST, etc...)
- - uri: The URI for the request.
- - data: The URL-encoded data for the request. For a GET request, this would
- be the querystring parameters. For a POST request, it wll be the
- body data.
-
- See xip_client.html for more info on the xip fragment identifier protocol.
- -->
-
- <!-- Security protection: uncomment the script tag to enable. -->
- <!-- script type="text/javascript" -->
- // <!--
- //Core XHR handling taken from Dojo IO code.
- dojo = {};
- dojo.hostenv = {};
- // These are in order of decreasing likelihood; this will change in time.
- dojo.hostenv._XMLHTTP_PROGIDS = ['Msxml2.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.4.0'];
-
- dojo.hostenv.getXmlhttpObject = function(){
- var http = null;
- var last_e = null;
- try{ http = new XMLHttpRequest(); }catch(e){}
- if(!http){
- for(var i=0; i<3; ++i){
- var progid = dojo.hostenv._XMLHTTP_PROGIDS[i];
- try{
- http = new ActiveXObject(progid);
- }catch(e){
- last_e = e;
- }
-
- if(http){
- dojo.hostenv._XMLHTTP_PROGIDS = [progid]; // so faster next time
- break;
- }
- }
-
- /*if(http && !http.toString) {
- http.toString = function() { "[object XMLHttpRequest]"; }
- }*/
- }
-
- if(!http){
- throw "xip_server.html: XMLHTTP not available: " + last_e;
- }
-
- return http;
- }
- dojo.setHeaders = function(http, headers){
- if(headers) {
- for(var header in headers) {
- var headerValue = headers[header];
- http.setRequestHeader(header, headerValue);
- }
- }
- }
- //MSIE has the lowest limit for URLs with fragment identifiers,
- //at around 4K. Choosing a slightly smaller number for good measure.
- xipUrlLimit = 4000;
- xipIdCounter = 1;
- function xipServerInit(){
- xipStateId = "";
- xipCurrentHash = "";
- xipRequestMessage = "";
- xipResponseParts = [];
- xipPartIndex = 0;
- }
- function pollHash(){
- //Can't use location.hash because at least Firefox does a decodeURIComponent on it.
- var urlParts = window.location.href.split("#");
- if(urlParts.length == 2){
- var newHash = urlParts[1];
- if(newHash != xipCurrentHash){
- try{
- messageReceived(newHash);
- }catch(e){
- //Make sure to not keep processing the error hash value.
- xipCurrentHash = newHash;
- throw e;
- }
- xipCurrentHash = newHash;
- }
- }
- }
- function messageReceived(encodedData){
- var msg = unpackMessage(encodedData);
-
- switch(msg.command){
- case "ok":
- sendResponsePart();
- break;
- case "start":
- xipRequestMessage = "";
- xipRequestMessage += msg.message;
- setClientUrl("ok");
- break;
- case "part":
- xipRequestMessage += msg.message;
- setClientUrl("ok");
- break;
- case "end":
- setClientUrl("ok");
- xipRequestMessage += msg.message;
- sendXhr();
- break;
- }
- }
- function sendResponse(encodedData){
- //Break the message into parts, if necessary.
- xipResponseParts = [];
- var resData = encodedData;
- var urlLength = xipClientUrl.length;
- var partLength = xipUrlLimit - urlLength;
- var resIndex = 0;
- while((resData.length - resIndex) + urlLength > xipUrlLimit){
- var part = resData.substring(resIndex, resIndex + partLength);
- //Safari will do some extra hex escaping unless we keep the original hex
- //escaping complete.
- var percentIndex = part.lastIndexOf("%");
- if(percentIndex == part.length - 1 || percentIndex == part.length - 2){
- part = part.substring(0, percentIndex);
- }
- xipResponseParts.push(part);
- resIndex += part.length;
- }
- xipResponseParts.push(resData.substring(resIndex, resData.length));
-
- xipPartIndex = 0;
- sendResponsePart();
- }
-
- function sendResponsePart(){
- if(xipPartIndex < xipResponseParts.length){
- //Get the message part.
- var partData = xipResponseParts[xipPartIndex];
-
- //Get the command.
- var cmd = "part";
- if(xipPartIndex + 1 == xipResponseParts.length){
- cmd = "end";
- }else if (xipPartIndex == 0){
- cmd = "start";
- }
- setClientUrl(cmd, partData);
- xipPartIndex++;
- }else{
- xipServerInit();
- }
- }
- function setClientUrl(cmd, message){
- var clientUrl = makeClientUrl(cmd, message);
- //Safari won't let us replace across domains.
- if(navigator.userAgent.indexOf("Safari") == -1){
- parent.location.replace(clientUrl);
- }else{
- parent.location = clientUrl;
- }
- }
- function makeClientUrl(cmd, message){
- var clientUrl = xipClientUrl + "#" + (xipIdCounter++) + ":" + cmd;
- if(message){
- clientUrl += ":" + message;
- }
- return clientUrl
- }
- function xhrDone(xhr){
- /* Need to pull off and return the following data:
- - responseHeaders
- - status
- - statusText
- - responseText
- */
- var response = {};
-
- if(typeof(xhr.getAllResponseHeaders) != "undefined"){
- var allHeaders = xhr.getAllResponseHeaders();
- if(allHeaders){
- response.responseHeaders = allHeaders;
- }
- }
-
- if(xhr.status == 0 || xhr.status){
- response.status = xhr.status;
- }
-
- if(xhr.statusText){
- response.statusText = xhr.statusText;
- }
-
- if(xhr.responseText){
- response.responseText = xhr.responseText;
- }
-
- //Build a string of the response object.
- var result = "";
- var isFirst = true;
- for (var param in response){
- if(isFirst){
- isFirst = false;
- }else{
- result += "&";
- }
- result += param + "=" + encodeURIComponent(response[param]);
- }
- sendResponse(result);
- }
- function sendXhr(){
- var request = {};
- var nvPairs = xipRequestMessage.split("&");
- var i = 0;
- var nameValue = null;
- for(i = 0; i < nvPairs.length; i++){
- if(nvPairs[i]){
- var nameValue = nvPairs[i].split("=");
- request[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]);
- }
- }
- //Split up the request headers, if any.
- var headers = {};
- if(request.requestHeaders){
- nvPairs = request.requestHeaders.split("\r\n");
- for(i = 0; i < nvPairs.length; i++){
- if(nvPairs[i]){
- nameValue = nvPairs[i].split(": ");
- headers[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]);
- }
- }
- request.requestHeaders = headers;
- }
-
- if(isAllowedRequest(request)){
-
- //The request is allowed, so set up the XHR object.
- var xhr = dojo.hostenv.getXmlhttpObject();
-
- //Start timer to look for readyState.
- var xhrIntervalId = setInterval(function(){
-
- if(xhr.readyState == 4){
- clearInterval(xhrIntervalId);
- xhrDone(xhr);
- }
- }, 10);
- //Actually start up the XHR request.
- xhr.open(request.method, request.uri, true);
- dojo.setHeaders(xhr, request.requestHeaders);
-
- var content = "";
- if(request.data){
- content = request.data;
- }
- try{
- xhr.send(content);
- }catch(e){
- if(typeof xhr.abort == "function"){
- xhr.abort();
- xhrDone({status: 404, statusText: "xip_server.html error: " + e});
- }
- }
- }
- }
- function unpackMessage(encodedMessage){
- var parts = encodedMessage.split(":");
- var command = parts[1];
- encodedMessage = parts[2] || "";
- var config = null;
- if(command == "init"){
- var configParts = encodedMessage.split("&");
- config = {};
- for(var i = 0; i < configParts.length; i++){
- var nameValue = configParts[i].split("=");
- config[decodeURIComponent(nameValue[0])] = decodeURIComponent(nameValue[1]);
- }
- }
- return {command: command, message: encodedMessage, config: config};
- }
- function onServerLoad(){
- xipServerInit();
- //Decode the init params
- var config = unpackMessage(window.location.href.split("#")[1]).config;
- xipStateId = config.id;
- xipClientUrl = config.client;
-
- //Make sure we don't have a javascript: url, just for good measure.
- if(xipClientUrl.split(":")[0].match(/javascript/i)){
- throw "Invalid client URL";
- }
- if(!xipStateId.match(/^XhrIframeProxy[0-9]+$/)){
- throw "Invalid state ID";
- }
- xipUseFrameRecursion = config["fr"];
- setInterval(pollHash, 10);
-
- if(xipUseFrameRecursion == "true"){
- var serverUrl = window.location.href.split("#")[0];
- document.getElementById("iframeHolder").innerHTML = '<iframe name="'
- + xipStateId + '_clientEndPoint'
- + '" src="javascript:false">'
- + '</iframe>';
- var iframeNode = document.getElementsByTagName("iframe")[0];
- iframeNode.src = makeClientUrl("init", 'id=' + xipStateId + '&server='
- + encodeURIComponent(serverUrl) + '&fr=endpoint');
- }else{
- setClientUrl("loaded");
- }
- }
- if(typeof(window.addEventListener) == "undefined"){
- window.attachEvent("onload", onServerLoad);
- }else{
- window.addEventListener('load', onServerLoad, false);
- }
- // -->
- <!-- </script> -->
- </head>
- <body>
- <h4>The Dojo Toolkit -- xip_server.html</h4>
- <p>This file is used for Dojo's XMLHttpRequest Iframe Proxy. This is the the file
- that should go on the server that will actually be doing the XHR request.</p>
- <div id="iframeHolder"></div>
- </body>
- </html>
|