I think that is what is happening. What is really odd is that when cfdump is run in the app.cfc in the remote directory, it has full access to the application and even sees the M2 methods. It just crashes whenever it tries to read from the getProperty method.
Â
I’m using the onRequestEnd in the remote directory to turn off debugging, and to call the main onRequestEnd in the main app.cfc to run some auditing processes. I can include all of the code if that would help?
Â
Jordan
Â
From: mach-ii-for...@googlegroups.com
[mailto:mach-ii-for...@googlegroups.com] On Behalf Of Peter J.
Farrell
Sent: Tuesday, October 20, 2009 4:13 PM
To: mach-ii-for...@googlegroups.com
Subject: [Mach-II] Re: Mach II Properties in an AJAX request
Â
Sounds like your Application.cfc being used in the AJAX
proxy directory is not inheriting from your Application.cfc in which Mach-II is
being loaded. That kind of error signifies that no application properties
(at the top of your Application.cfc) have been defined. You could be able
to do a <cfdump var="#application#"/>Â in your
onRequestStart() method. Any reason why you're using onRequestEnd
instead? The Mach-II bootstrapper uses onRequestStart() by default.
Sharing some additional code would be helpful.
..pjf
Â
No
virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.422 / Virus Database: 270.14.22/2446 - Release Date: 10/20/09
10:43:00
Just curious why you abort your AJAX events in your example code? If it
has to do with Mach-II debugging output, you can programmatically turn
that off on an event by event basis (see the doco for the event-arg you
need to set).
> When it comes down to it, making an ajax call should never be treated
> any differently than any other call from the browser, regardless of the
> platform the application runs under, since it is always under the
> direct control of the browser anyway.
>
I totally agree normal browser requests and AJAX requests are just plain
old HTTP calls. It's just that AJAX is inside the user agent already so
it's probably going to do more stuff. They both of be secured the same way.
You can do some additional security because most AJAX libraries some
additional information in the user agent string and/or HTTP request
headers that identify it as an AJAX request. You could easily write a
plugin that looks for this information for AJAX events in Mach-II. This
would disallow the casual person from requesting that even via the
browser url -- however it's no replacement for true security in case
somebody spoofs headers / data via some other mechanism.
> All of this is of course, just my opinion. your mileage may differ.
>
Jordan, I'm curious where you read AJAX through Mach-II is bad. I think
is the past a few people have vocalize that they thought this might be
bad, but I've never been very convinced due to the lack of reasons. Bad
for bad sake isn't true reason to me. I guess Team Mach-II has never
really said otherwise to use AJAX in Mach-II, but from what we've talked
about for future versions of the framework -- AJAX integration / hooks /
tools for you to use will be expanded (my arm is being twisted a bit by
former team member Kyle Hayes to use DOJO -- he just wrote a book on
DOJO and I must admit people are over looking that framework).
Best,
.Peter