[patch] and [plugin] Fixing AJAX limitations with PerlBAL

João Pedro Gonçalves joaop at co.sapo.pt
Fri Jan 6 20:09:48 UTC 2006 

Here's an updated version of the plugin, allowing to use either an URL 
namespace or an HTTP header
added via the setRequestHeader() method in XMLHttpRequest .

A configuration using an http header instead of the URI namespace would 
be:

Load AJAXSelector
AJAX HEADER  X-reverse-host
AJAX HOST otherhost.mysite.com

A typical XMLHttpRequest call to set this would be:

req = new XMLHttpRequest();
req.open('GET', '/index.html', true);
req.setRequestHeader('X-reverse-host', 'otherhost.mysite.com');
req.onreadystatechange = function () {
       if (req.readyState == 4) {
          if(req.status == 200)
           alert(req.responseText);
          else
           alert("Error loading page\n");
       }
};
req.send(null);



Best regards,
João Pedro Gonçalves
SAPO
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AJAXSelector.pm
Type: application/octet-stream
Size: 4260 bytes
Desc: not available
Url : http://lists.danga.com/pipermail/perlbal/attachments/20060106/2a08856d/AJAXSelector.obj
-------------- next part --------------


On Jan 6, 2006, at 19:13, João Pedro Gonçalves wrote:

> Hi all,
>
> One of the issues with XMLHttpRequest calls used in AJAX frameworks
> is that you can only make requests to the same host:port pair that the  
> original request came from (Firefox on default settings).
>
> This security feature is in place to avoid calls to insecure sites,  
> but what if you have different sites in your network that you trust
> and you wish to make calls to them?
>
> For instance, you have a Windows Web Service framework that you need  
> to access from a Javascript call on an Apache host.
>
> This usually involves doing some reverse proxy tricks, so Perlbal may  
> solve this issue quite nicely.
>
> The following Plugin, AJAXSelector, allows to configure a URL  
> namespace that is used to redirects the calls to another - configured  
> - host:
>
> So, having a Perlbal running on 'www.mysite.com', the URL:
>
> http://www.mysite.com/reverseproxynamespace/otherhost.mysite.com/ 
> file.html
> calls instead
> http://otherhost.mysite.com/file.html
>
> The configuration to activate the example would be:
> Load AJAXSelector
> AJAX NAMESPACE  reverseproxynamespace
> AJAX HOST otherhost.mysite.com
>
>
> Per each 'AJAX HOST' entry, one pool/service pair is created, using  
> the IP addresses associated with the name
> to populate the pool.
>
> This way, an application can make 'controlled' cross-site calls, based  
> on the list of trusted web sites.
>
> Since this plugin manipulates the request_uri, i've added two patches  
> to allow write access to $headers->request_uri() in
>   Perlbal::HTTPHeaders and Perlbal::XS::HTTPHeaders .
>
>
>
> Thank you for your comments,
> João Pedro Gonçalves
> SAPO
>
>
> <AJAXSelector.pm><perlbal-1.39.diff><perlbal-xs-0.18.diff><rp- 
> balancer.conf>
>

More information about the perlbal mailing list