rpcroute.cgi Page

Download vcXMLRPC 0.80

Documentation Download Change Log Modules Examples Links

From rpcroute.cgi

################################################################################
# rpcproxy.cgi (1.40)
# 22:48 2001-08-30
# Copyright (c) 2001, Saltstorm.net
# License : GNU GPL (http://www.gnu.org/licenses/gpl.txt)
#
################################################################################
# Simple XML-RPC proxy-hack for side-stepping client-side security
# restrictions when using the 'XMLHttpRequest' object in Mozílla 0.8.2+
# and MSIE's 5+ 'Microsoft.XMLHTTP' object, thus giving possibilities of
# accessing public services hosted on remote domains.
#
# The Mozilla browser ships with a native XMLHttpRequest object making it
# possible to implement HTTP request functionality from within a page using
# javascript. This object is very much alike the 'Microsoft.XMLHTTP' object
# bundled with MS Internet Explorer 5+ in terms of the API design, but has
# a different security context. While MSIE's 'Microsoft.XMLHTTP' availability
# is based on "Security Zones" and "Trusted Sites", Mozilla has taken another
# security approach, whereas you can only issue XMLHttpRequests to the same
# domain:port from where the parent document originated. While some might say
# this is feasible in regards for the variuos cross-site scripting exploits,
# other find it very frustrating as they can't access/incorporate services
# from the outside world into their web-apps without having to depend on
# a through and through serverside solution.
#
# This piece came about as Ruben Daniels from Virtual Cowboys
# (http://www.virtualcowboys.com) and I concurrently were struggling with
# client-side Javascript implementations of XML-RPC clients. We found ourselves
# very annoyed with these restrictions as we couldn't take advantage of the
# increasing number of great RPC-services outthere, so I decided to knock
# up this rpc-proxy to overcome this shortcoming.
#
# The idea is very simple. Once placed on your server, it will take a POST
# request coming in from the local domain and pass it along as-is to the real
# RPC-server and then proxy back the response to the client. As of version 1.40
# rpcproxy will even gzip-compress the proxied XML response-stream to make it
# far more manageable in terms of bandwidth. A vanilla XML-document can be
# reduced with up to some 90% of its original size simply by compressing it.
# Gzip-encoded documents are supported by MSIE and Mozilla out-of-the-box,
# so you don't have to care more about it, other than that you have gained
# 9/10's of bandwidth. If you are on a slow connection that makes a big
# difference. But the most important thing here, a request like this,
# as far as Mozilla and MSIE concerns, no security exception was raised
# since the request was seemingly served at the local domain.
#
# MS Explorer 5+ note.
# -----------------------------------------------------------------------------
# While utilizing rpcproxy.cgi as a proxy for Mozilla XMLHttpRequests is crucial
# for making non-local HTTP requests, it also have the effect to MSIE in the
# matter that the 'Microsoft.XMLHTTP' object also consider requests to the
# current domain:port as safe and will gladly go for it WITHOUT having the
# current domain present in the list of "Trusted sites" in security settings.
#
#
# Setting up.
# -----------------------------------------------------------------------------
# Obviously, since this thing is written in PERL, you'll need an
# PERL-interpreter on your server. If you are on a *nix/Linux system you most
# certainly have one there by default. If running on a Win32 system
# (e.g Win NT/2k) there is great distribution of PERL available freely at
# http://www.activestate.com.
#
#
# 1. Put this script accessible from your HTTP-server and make sure it is
# marked executable. (e.g /cgi-bin/...)
#
# 2. Modify the topmost line of this script to match the path to your PERL
# executable. (on most Win32 boxes '#!perl' should be sufficient)
#
# 3. Making sure it is setup alright, open up your favorite browser and
# try to request it. (http://www.mydomain.tld/cgi-bin/rpcproxy.cgi)
# If nothing happens, (a HTTP 204 response) all should be fine.
# If you get a 40x or even a 500/501 you should step back and re-check
# step 1 and 2 again.
#
# 4. Now, the world of remote RPC-services is yours...
# Of course you need to know a fair piece of the DOM, XML and the XML-RPC
# service specification, but that is horse of different color not covered
# here. To get you started, a client-side example:
#
# // Mozilla 0.8.2+
# var sRPCService = 'http://rpc.remote.tld/object/method';
# var sRPCProxy = 'http://www.local.tld/cgi-bin/rpcproxy.cgi';
# var oXML = new XMLHttpRequest();
# oXML.open('POST', sRPCProxy, false);
# oXML.setRequestHeader('X-Proxy-Request', sRPCService);
# oXML.setRequestHeader('X-Compress-Response', 'gzip');
# oXML.send([object XMLDomDocument]);
# var oDomDoc = oXML.responseXML;
# // ... do stuff with oDomDoc ...
#
# // to make the above snippet runnable in MSIE 5+ (Win32) you just
# // need to change the assignment of the 'oXML' variable as follows:
# var oXML = new ActiveXObject('Microsoft.XMLHTTP');
#
#
# ! About security !
# -----------------------------------------------------------------------------
# This script will only proxy POST requests having a HTTP header named
# 'X-Proxy-Request' containing the URL to the real rpc-service. If this
# header isn't present OR the service-URL isn't in the list of allowed
# services, rpcproxy will blackhole the request and respond with a
# simple HTTP status 204.
#
#
# Resources.
# -----------------------------------------------------------------------------
# XML-RPC Home Page.
# http://www.xml-rpc.com
# XML-RPC HOWTO
# http://xmlrpc-c.sourceforge.net/xmlrpc-howto/xmlrpc-howto.html
# Core JavaScript Guide 1.5
# http://developer.netscape.com/docs/manuals/js/core/jsguide15/contents.html
#
# news://comp.lang.javascript
# secnews.netscape.com
# news://netscape.devs-javascript
# news://netscape.public.mozilla.dom
#
# ----------------------------------------------------------------------------
# 2001-08-26, Thomas Loo / Saltstorm
# thomas@saltstorm.net | http://www.saltstorm.net
################################################################################

vcXMLRPC

Download vcXMLRPC 0.80
Documentation Download Change Log Modules Examples Links
From rpcroute.cgi ################################################################################ # rpcproxy.cgi (1.40) # 22:48 2001-08-30 # Copyright (c) 2001, Saltstorm.net # License : GNU GPL (http://www.gnu.org/licenses/gpl.txt) # ################################################################################ # Simple XML-RPC proxy-hack for side-stepping client-side security # restrictions when using the 'XMLHttpRequest' object in Mozílla 0.8.2+ # and MSIE's 5+ 'Microsoft.XMLHTTP' object, thus giving possibilities of # accessing public services hosted on remote domains. # # The Mozilla browser ships with a native XMLHttpRequest object making it # possible to implement HTTP request functionality from within a page using # javascript. This object is very much alike the 'Microsoft.XMLHTTP' object # bundled with MS Internet Explorer 5+ in terms of the API design, but has # a different security context. While MSIE's 'Microsoft.XMLHTTP' availability # is based on "Security Zones" and "Trusted Sites", Mozilla has taken another # security approach, whereas you can only issue XMLHttpRequests to the same # domain:port from where the parent document originated. While some might say # this is feasible in regards for the variuos cross-site scripting exploits, # other find it very frustrating as they can't access/incorporate services # from the outside world into their web-apps without having to depend on # a through and through serverside solution. # # This piece came about as Ruben Daniels from Virtual Cowboys # (http://www.virtualcowboys.com) and I concurrently were struggling with # client-side Javascript implementations of XML-RPC clients. We found ourselves # very annoyed with these restrictions as we couldn't take advantage of the # increasing number of great RPC-services outthere, so I decided to knock # up this rpc-proxy to overcome this shortcoming. # # The idea is very simple. Once placed on your server, it will take a POST # request coming in from the local domain and pass it along as-is to the real # RPC-server and then proxy back the response to the client. As of version 1.40 # rpcproxy will even gzip-compress the proxied XML response-stream to make it # far more manageable in terms of bandwidth. A vanilla XML-document can be # reduced with up to some 90% of its original size simply by compressing it. # Gzip-encoded documents are supported by MSIE and Mozilla out-of-the-box, # so you don't have to care more about it, other than that you have gained # 9/10's of bandwidth. If you are on a slow connection that makes a big # difference. But the most important thing here, a request like this, # as far as Mozilla and MSIE concerns, no security exception was raised # since the request was seemingly served at the local domain. # # MS Explorer 5+ note. # ----------------------------------------------------------------------------- # While utilizing rpcproxy.cgi as a proxy for Mozilla XMLHttpRequests is crucial # for making non-local HTTP requests, it also have the effect to MSIE in the # matter that the 'Microsoft.XMLHTTP' object also consider requests to the # current domain:port as safe and will gladly go for it WITHOUT having the # current domain present in the list of "Trusted sites" in security settings. # # # Setting up. # ----------------------------------------------------------------------------- # Obviously, since this thing is written in PERL, you'll need an # PERL-interpreter on your server. If you are on a *nix/Linux system you most # certainly have one there by default. If running on a Win32 system # (e.g Win NT/2k) there is great distribution of PERL available freely at # http://www.activestate.com. # # # 1. Put this script accessible from your HTTP-server and make sure it is # marked executable. (e.g /cgi-bin/...) # # 2. Modify the topmost line of this script to match the path to your PERL # executable. (on most Win32 boxes '#!perl' should be sufficient) # # 3. Making sure it is setup alright, open up your favorite browser and # try to request it. (http://www.mydomain.tld/cgi-bin/rpcproxy.cgi) # If nothing happens, (a HTTP 204 response) all should be fine. # If you get a 40x or even a 500/501 you should step back and re-check # step 1 and 2 again. # # 4. Now, the world of remote RPC-services is yours... # Of course you need to know a fair piece of the DOM, XML and the XML-RPC # service specification, but that is horse of different color not covered # here. To get you started, a client-side example: # # // Mozilla 0.8.2+ # var sRPCService = 'http://rpc.remote.tld/object/method'; # var sRPCProxy = 'http://www.local.tld/cgi-bin/rpcproxy.cgi'; # var oXML = new XMLHttpRequest(); # oXML.open('POST', sRPCProxy, false); # oXML.setRequestHeader('X-Proxy-Request', sRPCService); # oXML.setRequestHeader('X-Compress-Response', 'gzip'); # oXML.send([object XMLDomDocument]); # var oDomDoc = oXML.responseXML; # // ... do stuff with oDomDoc ... # # // to make the above snippet runnable in MSIE 5+ (Win32) you just # // need to change the assignment of the 'oXML' variable as follows: # var oXML = new ActiveXObject('Microsoft.XMLHTTP'); # # # ! About security ! # ----------------------------------------------------------------------------- # This script will only proxy POST requests having a HTTP header named # 'X-Proxy-Request' containing the URL to the real rpc-service. If this # header isn't present OR the service-URL isn't in the list of allowed # services, rpcproxy will blackhole the request and respond with a # simple HTTP status 204. # # # Resources. # ----------------------------------------------------------------------------- # XML-RPC Home Page. # http://www.xml-rpc.com # XML-RPC HOWTO # http://xmlrpc-c.sourceforge.net/xmlrpc-howto/xmlrpc-howto.html # Core JavaScript Guide 1.5 # http://developer.netscape.com/docs/manuals/js/core/jsguide15/contents.html # # news://comp.lang.javascript # secnews.netscape.com # news://netscape.devs-javascript # news://netscape.public.mozilla.dom # # ---------------------------------------------------------------------------- # 2001-08-26, Thomas Loo / Saltstorm # thomas@saltstorm.net \| http://www.saltstorm.net ################################################################################
vcXMLRPC	© 1999-2001 Virtual Cowboys \| We thank our host: Helder Hosting