[patch] and [plugin] Fixing AJAX limitations with PerlBAL

João Pedro Gonçalves joaop at co.sapo.pt
Fri Jan 6 19:13:25 UTC 2006


Hi all,

One of the issues with XMLHttpRequest calls used in AJAX frameworks
is that you can only make requests to the same host:port pair that the  
original request came from (Firefox on default settings).

This security feature is in place to avoid calls to insecure sites, but  
what if you have different sites in your network that you trust
and you wish to make calls to them?

For instance, you have a Windows Web Service framework that you need to  
access from a Javascript call on an Apache host.

This usually involves doing some reverse proxy tricks, so Perlbal may  
solve this issue quite nicely.

The following Plugin, AJAXSelector, allows to configure a URL namespace  
that is used to redirects the calls to another - configured - host:

So, having a Perlbal running on 'www.mysite.com', the URL:

http://www.mysite.com/reverseproxynamespace/otherhost.mysite.com/ 
file.html
calls instead
http://otherhost.mysite.com/file.html

The configuration to activate the example would be:
Load AJAXSelector
AJAX NAMESPACE  reverseproxynamespace
AJAX HOST otherhost.mysite.com


Per each 'AJAX HOST' entry, one pool/service pair is created, using the  
IP addresses associated with the name
to populate the pool.

This way, an application can make 'controlled' cross-site calls, based  
on the list of trusted web sites.

Since this plugin manipulates the request_uri, i've added two patches  
to allow write access to $headers->request_uri() in
   Perlbal::HTTPHeaders and Perlbal::XS::HTTPHeaders .



Thank you for your comments,
João Pedro Gonçalves
SAPO


-------------- next part --------------
A non-text attachment was scrubbed...
Name: AJAXSelector.pm
Type: application/octet-stream
Size: 4018 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/perlbal/attachments/20060106/77acc2f5/AJAXSelector.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: perlbal-1.39.diff
Type: application/octet-stream
Size: 520 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/perlbal/attachments/20060106/77acc2f5/perlbal-1.39.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: perlbal-xs-0.18.diff
Type: application/octet-stream
Size: 2032 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/perlbal/attachments/20060106/77acc2f5/perlbal-xs-0.18.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rp-balancer.conf
Type: application/octet-stream
Size: 583 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/perlbal/attachments/20060106/77acc2f5/rp-balancer.obj
-------------- next part --------------




More information about the perlbal mailing list