ajaxCFC with security and debugging released
I just uploaded a new release of ajaxCFC with some really nice additions.
ajaxCFC now supports built-in improve security, enforcing get or posts verbs, and also optionally checks for the http-referer to match your site. These two checks will prevent a third party to monitor http packets and try to call them manually by pasting the full ajax request to a browser.
I personally always Firefox and Live HTTP headers debug my ajax applications and I recommend using get methods and allow blank referers for development environments; but you need to be able to lock it down for production.
And talking about development, don't you hate when you think you're doing everything right, but there is no way to see what the server is getting out of your ajax request? I added some debugging abilities too that write into a debug file.
More details on the implementation of these updates are available in the documentation inside the download.
ajaxCFC now supports built-in improve security, enforcing get or posts verbs, and also optionally checks for the http-referer to match your site. These two checks will prevent a third party to monitor http packets and try to call them manually by pasting the full ajax request to a browser.
I personally always Firefox and Live HTTP headers debug my ajax applications and I recommend using get methods and allow blank referers for development environments; but you need to be able to lock it down for production.
And talking about development, don't you hate when you think you're doing everything right, but there is no way to see what the server is getting out of your ajax request? I added some debugging abilities too that write into a debug file.
More details on the implementation of these updates are available in the documentation inside the download.
TrackBacks
There are no trackbacks for this entry.
Trackback URL for this entry:
http://www.robgonda.com/blog/trackback.cfm?3CD65731-3048-7431-E4AEB5F7DCD1E893
http://www.robgonda.com/blog/trackback.cfm?3CD65731-3048-7431-E4AEB5F7DCD1E893
Indeed, I used it every day for all ajax tasks... and others, such as monitoring google analytics traffic, webtrends traffic, and so on.
btw, I also use Ethereal (http://www.ethereal.com), which is a little more complex, not as straight forward, but can get you better information.
It is occuring during this line of code at line 458 in engine.js. I get this in Firefox and in IE on a windowsXP machine.
batch.req.send(null);
Any insight on this?
Thanks for the work you've already done. Any help you can offer will be greatly appreciated.
That is quite odd; because that line is inside a try … you should never get an error there.
BTW, let me clarify that I was not using ajaxCFC for the examples of my articles. I developed it after writing them because I felt that it the framework I was using had some limitations.
When you run my echo examples, with no modification, do you get that exact error? It's a little hard to guess, because syntax error is a little vague.
Please confirm, and if you want and your code is web accessible, email me the link and I'll be happy to take a look at it.
-Rob
The examples just work fine when I put them under the {webroot} of apache & cf.
I also have projects with root outside of the root and an alias in apache and a mapping in cfserver. when I put the echo-examples in this folder and try to run it. I get a server error alert ('invalid reply from server') and in firefox js console this message:
------------
[Exception... "'Die Erlaubnis für das Setzen der Eigenschaft XULElement.selectedIndex wurde verweigert' when calling method: [nsIAutoCompletePopup::selectedIndex]" nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)" location: "JS frame :: http://localhost/bonneville/_tests/echo/js/engine.... :: anonymous :: line 124" data: no]
Quelldatei: http://localhost/bonneville/_tests/echo/js/engine....
Zeile: 124
------------------------
first line is in german, in english: No permission to set attributes in XULElement.selectedIndex.
any ideas?
by the way... it would be nice to have a mailinglist on google or yahoo groups for ajaxCFC
Daniel Schmid
http://groups.yahoo.com/group/ajaxcfc/
I'll address this problem by email or through the group.