"Pure JSON" interaction with meteord?

17 views
Skip to first unread message

Douglas Bischoff

unread,
Jul 19, 2009, 5:30:24 PM7/19/09
to meteorserver
Hello, all:

I am likely out of luck here, but I am struggling to find a way to
implement a meteor server on a completely different domain and port
than my Apache server that will be cross-browser compliant.

All I need is a way to have the meteord server stream (or perhaps long-
poll) JSON-formatted messages (added via a PHP script connected to the
meteord's command port and already in JSON format) to clients that
connect via the html page served from a totally different domain.
(This is because I am using a commercial web server that will not
allow me to run meteord on their system, and my in-house servers
cannot run Apache.)

My current tests all fail immediately after the connection is made,
with the following error showing up in FireBug:
"Permission denied for <http://meteorserver.com> to get property
Window.Meteor from <http://htmlserver>." (obviously I've changed the
domain names but you get the point.)

This is stopping the Meteor.register function from processing and
therefore declaring all its variables & processes etc. etc. including
the all-important "p" function.

From reading through here I can find lots of ideas on how to get the
messages formatted the way I want (escaped strings, etc.) but nothing
that will get around the basic problem that prohibits the line
"parent.Meteor.register(this);" from executing.

Thanks for any help, and I apologize in advance if this is something I
should've seen in documentation somewhere but I simply can't find a
solution yet.

-Doug

Andrew Betts

unread,
Jul 19, 2009, 5:45:13 PM7/19/09
to meteorserver
Doug,

This problem is due to cross domain security restrictions. I have
documented the situation here:

http://meteorserver.org/browser-techniques/xssinfo

If you can engineer it so that your Meteor server is on a host with a
hostname that is a subdomain of your apache server, ie:

Meteor: data.example.com
Apache: example.com

Then Meteor will work just fine. This is the configuration it expects
you to set up. But you say 'totally different domain' by which I
assume you mean that this option will not work for you. In that case
Meteor's current JavaScript client cannot help you. There are a
number of solutions to this 'in the wild' but none are currently
supported by meteor. Feel free to add support for them!

For example: http://www.frozenmountain.com/pt/blog/default.aspx?id=1&t=Secure-CrossSite-CrossDomain-Scripti

Cheers,

Andrew

Douglas Bischoff

unread,
Jul 20, 2009, 9:39:01 AM7/20/09
to meteorserver
Thanks for the helpful information, Andrew!

I figured it was all due to cross domain restrictions (and had read
the excellent articles explaining various methods of getting around
it) but it wasn't until I realized that the answer wasn't in meteor or
Apache... but in my DNS configuration that I got everything to work.

Silly me: never occurred to me that "example.com" at X.X.X.X and
"data.example.com" Y.Y.Y.Y didn't even have to be on the same
subnet... it wasn't the IP numbers that mattered!! So I just added a
DNS record as shown in the setup documentation and voila...
everything's working just fine.

Thank you for taking the time to answer!

-Doug

On Jul 19, 5:45 pm, Andrew Betts <andrew.be...@gmail.com> wrote:
> Doug,
>
> This problem is due to cross domain security restrictions.  I have
> documented the situation here:
>
> http://meteorserver.org/browser-techniques/xssinfo
>
> If you can engineer it so that your Meteor server is on a host with a
> hostname that is a subdomain of your apache server, ie:
>
> Meteor: data.example.com
> Apache: example.com
>
> Then Meteor will work just fine.  This is the configuration it expects
> you to set up.  But you say 'totally different domain' by which I
> assume you mean that this option will not work for you.  In that case
> Meteor's current JavaScript client cannot help you.  There are a
> number of solutions to this 'in the wild' but none are currently
> supported by meteor.  Feel free to add support for them!
>
> For example:http://www.frozenmountain.com/pt/blog/default.aspx?id=1&t=Secure-Cros...
Reply all
Reply to author
Forward
0 new messages