Calling function on remote server.
53 views
Skip to first unread message
John Andrews
Feb 25, 2015, 5:00:14 PM2/25/15
to lif...@googlegroups.com
So I have a Scala/Lift application, using CometActors and REST. I'm trying to figure out if there's a secure methodology such that I can call a function on one server from another Scala/Lift application on a different server.
This is mostly to get around the Same Origin Policy, but I'm not particular on where this is done client/javascript side or server side. In essence I'm trying to make it so that when I click a button on a client to 'Play' the other open server/client is told to 'Play' as well.
There's a few things I've read about Ajax and XMLHttpRequest (as well as other things that use Flash/iFrame which isn't helpful for a Lift app) but most seem hacky/subverting security and I want to see if there's a nice Java/Scala/Lift solution.
Anyone have any ideas the best method to do this, and if it can be secureable?
This is mostly to get around the Same Origin Policy, but I'm not particular on where this is done client/javascript side or server side. In essence I'm trying to make it so that when I click a button on a client to 'Play' the other open server/client is told to 'Play' as well.
There's a few things I've read about Ajax and XMLHttpRequest (as well as other things that use Flash/iFrame which isn't helpful for a Lift app) but most seem hacky/subverting security and I want to see if there's a nice Java/Scala/Lift solution.
Anyone have any ideas the best method to do this, and if it can be secureable?
Diego Medina
Feb 25, 2015, 5:06:20 PM2/25/15
to Lift
For this I would do the communication on the server side, using something like a message queue (RabbitMQ, etc)
Where you can pass information from server A in, let's say json, which will include enough info for server B to "start playing".--
--
Lift, the simply functional web framework: http://liftweb.net
Code: http://github.com/lift
Discussion: http://groups.google.com/group/liftweb
Stuck? Help us help you: https://www.assembla.com/wiki/show/liftweb/Posting_example_code
---
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Antonio Salazar Cardozo
Feb 25, 2015, 6:55:12 PM2/25/15
to lif...@googlegroups.com
There are another couple of options:
- Using CORS to allow a call from the page on server B to reach server A. Provided
the right headers, this should be transparent to the AJAX code, I believe.
- Using JSONP in your responses, though this means you won't be able to use the
default Lift mechanism for AJAX requests, as you need to create them in a JSONP-
compatible way. This can get nasty.
Thanks,
Antonio
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
John Andrews
Feb 26, 2015, 11:01:42 AM2/26/15
to lif...@googlegroups.com
Yeah I saw JSONP - but I quickly saw that would mess with Ajax and Lift so that's out. I'll see if CORS is possible, but hopefully Diego's RabbitMQ is feasible as I think this is preferable to work server side so that Lift/Ajax isn't impacted.
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Antonio Salazar Cardozo
Feb 26, 2015, 2:18:42 PM2/26/15
to lif...@googlegroups.com
Cool, as long as you have a way forward :)
Thanks,
Antonio
John Andrews
Mar 12, 2015, 4:40:13 PM3/12/15
to lif...@googlegroups.com
I've been looking at examples for CORS, and none of them seem to actually outline how you would make a call on 1 server, and what the other server actually does. Most just go into specifics of 'you must do this for cross-origin and headers' without really specifying where any of that goes. Do you know of a good example that shows "Press Button on A, Function on B is called" - and details how CORS accomplishes this?
Antonio Salazar Cardozo
Mar 13, 2015, 4:28:56 PM3/13/15
to lif...@googlegroups.com
CORS is just a way of telling the browser that it's allowed to do a cross-domain request. Once
that is allowed, everything else looks exactly the same way a standard AJAX request would. It's
just that without CORS, you can only make such a request to the same domain that the page
is served from.
Thanks,
Antonio
Diego Medina
Mar 13, 2015, 4:45:30 PM3/13/15
to Lift
This page shows a good outline on the topic,
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
And to be more specific, if you control both, server A and server B, and the user is on server A and needs to send an ajax request to server B, on server B you need to setup the LiftRule to add the header:
Access-Control-Allow-Origin: http://serverA.com
Hope that helps.https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
And to be more specific, if you control both, server A and server B, and the user is on server A and needs to send an ajax request to server B, on server B you need to setup the LiftRule to add the header:
Access-Control-Allow-Origin: http://serverA.com
Reply all
Reply to author
Forward
0 new messages