A Pitfall To Avoid In AJAX Coding
12:09:19 PM
Written By : Richard Schwartz
Category : AJAX With IBM Lotus Domino
Location : Nashua, NH

Hard-coding URLs is always bad. When writing demo code, I succumb to the temptation to hard-code as much as anyone, though. When a server answers to multiple host names, however, a hard-coded URL with either name will work fine in a conventional app. It may not work in an AJAX app. Why? Browser security restrictions.

Example: my sample for the Advisor article can be reached on-line via two URLs.

Both of these URLs go to the same app on the same server, but if you use the first URL, you will find that the hotspots are no-ops. They're generating URLs for hostname smokey and trying to retrieve them via XMLHttpRequest. That doesn't work because the browser says "Wait just a doggone minute there! This page came from www and it's trying to pull in data from smokey! This is cross-site scripting badness. It must not be allowed!" Honestly, I heard my browser say this one night while I was testing. Or maybe it was just an echo from my bashing my head for about an hour trying to figure out why my app had suddenly stopped working. (Note to self: error handling in AJAX is a good topic for future learning.)
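The check the browser applies here is an origin comparison (scheme, host and port), so two names for the same server still count as different origins. The following is an added example, not the article's sample code: the host names, paths and alias list are constructed placeholders, and `sameOrigin` and `rebaseToPage` are hypothetical helpers that rewrite a hard-coded URL to a root-relative one for whichever host name served the page.

```javascript
// Added example. Host names and paths are constructed placeholders.
const ALIASES = ["www.example.test", "smokey.example.test"]; // names one server answers to
const PAGE = "http://www.example.test/demo.nsf/page?OpenPage";
const HOTSPOT = "http://smokey.example.test/demo.nsf/data?OpenAgent&id=7";

// True when the browser would treat requestUrl as same-origin with the page.
// Relative URLs are resolved against the page, as XMLHttpRequest does.
function sameOrigin(pageUrl, requestUrl) {
  return new URL(requestUrl, pageUrl).origin === new URL(pageUrl).origin;
}

// Turn a hard-coded absolute URL into a root-relative one so the request
// goes to the host name the page was loaded from. Only rewrites between
// known aliases of the same server; any other cross-origin URL is refused
// rather than silently redirected to the local host.
function rebaseToPage(pageUrl, hardCodedUrl, aliases) {
  const page = new URL(pageUrl);
  const target = new URL(hardCodedUrl, pageUrl);
  const relative = target.pathname + target.search;
  if (target.origin === page.origin) return relative;

  const bothKnown =
    aliases.includes(page.hostname) && aliases.includes(target.hostname);
  const sameSchemeAndPort =
    target.protocol === page.protocol && target.port === page.port;
  if (!bothKnown || !sameSchemeAndPort) {
    throw new Error("refusing to rewrite cross-origin URL: " + target.origin);
  }
  return relative;
}

// The hard-coded hotspot URL fails the origin check; the rebased one passes.
console.log(sameOrigin(PAGE, HOTSPOT));
const fixed = rebaseToPage(PAGE, HOTSPOT, ALIASES);
console.log(fixed, sameOrigin(PAGE, fixed));
```

In page script the same idea is usually expressed by building request URLs from `window.location` or by writing them root-relative in the first place.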

Comments :

1. Jeff Crossett 10/06/2005 12:38:41 PM

I believe that you do not need to always specify a host name, but can use the "/yourDb.nsf..." syntax. I will need to verify that, but I am pretty sure that I am using that syntax on my demo.

2. Richard Schwartz 10/06/2005 01:23:36 PM

That's probably true. In all respects that I'm aware of, calling XMLHttpRequest seems to know the context of the current page, so relative URLs should work. I have a bad habit of using full URLs in a lot of places where relative would be better.

3. Jeff Crossett 10/06/2005 02:14:19 PM

Funny thing, this exact topic was asked over at the LDD forums just a few hours after I read your post.

4. Richard Schwartz 10/06/2005 02:46:27 PM

Now that's what I call a coincidence

5. Nathan T. Freeman 10/07/2005 04:57:07 AM

You can get around this by setting your document domain parameter.

See here:

It's very useful for portal programming, where you're quite likely to want to do cross-frame scripting. I ran into this stuff a few years ago designing a simple portal using IFRAMEs instead of aggregating at the server.

6. Alan Bell 10/07/2005 01:56:45 PM

I ran into this today too. I have a reverse proxy at the minute so it was confused as to the requesting host name.

