[Users] GeoExt.data.WFSCapabilitiesStore: cross domain
Andreas Hocevar
ahocevar at opengeo.org
Thu Oct 22 02:45:36 CEST 2009
Accessing WMS to get map tiles (GetMap), legends (GetLegendGraphic) or plain text / html feature info (GetFeatureInfo) also works across domains. But as soon as you need Javascript to parse and process the server response, you need a proxy.
ScriptTagProxy works with all services that wrap their payload in a callback function you provide. GeoServer e.g. supports JSONP as WFS output format, which does exactly that. But that is beyond any OGC spec.
If a proxy is configured the right way (e.g. if it only processes OGC content types), it does not expose a big security risk. So I di not see a showstopper here.
Regards,
Andreas.
----- Ursprüngliche Nachricht -----
Von: Cédric Moullet <cedric.moullet at camptocamp.com>
Gesendet: Donnerstag, 22. Oktober 2009 08:59
An: Eric Lemoine <eric.lemoine at camptocamp.com>
Cc: Andreas Hocevar <ahocevar at opengeo.org>; users <users at geoext.org>
Betreff: Re: [Users] GeoExt.data.WFSCapabilitiesStore: cross domain
Thanks for these clarifications.
So this means that the only way to access WMS servers on other domains is to
create a server proxy ? Or do you see a way to do that only with GeoExt ?
Thanks.
Cédric
On Wed, Oct 21, 2009 at 9:26 PM, Eric Lemoine
<eric.lemoine at camptocamp.com>wrote:
> 2009/10/21 Andreas Hocevar <ahocevar at opengeo.org>:
> > Cédric Moullet wrote:
> >> Hi,
> >> In GeoExt.data.WFSCapabilitiesStore, the Ext.data.HttpProxy is used.
> >> Is there any reason why Ext.data.ScriptTagProxy is not used ?
> >
> > Yes, there is. XML in a script tag would get you nothing but a script
> > execution error.
> >
> >> This would avoid the cross domain problem.
> >
> > But only if the response from the server was executable JavaScript.
>
> yes. Cédric was mentioning geonames to me. In the case of geonames you
> can provide a "callback" parameter in the request (e.g.
> &callback=myhandler), in that case the response from geonames looks
> like this : "myhandler({"totalResultsCount":23,"geonames":[{"fcl":"P",
> ....]});". So if you use a ScriptProxy that response is evaluated by
> the javascript engine, and myhandler gets executed.
>
> Hope this clarifies it,
>
> --
> Eric Lemoine
>
> Camptocamp France SAS
> Savoie Technolac, BP 352
> 73377 Le Bourget du Lac, Cedex
>
> Tel : 00 33 4 79 44 44 96
> Mail : eric.lemoine at camptocamp.com
> http://www.camptocamp.com
>
--
CTO Geospatial Camptocamp SA
Cédric Moullet
PSE A
CH-1015 Lausanne
www.camptocamp.com / www.mapfish.org / twitter.com/cedricmoullet /
mapfishblog.blogspot.com/
+41 79 759 69 83 (mobile)
+41 21 619 10 21 (direct)
+41 21 619 10 10 (centrale)
+41 21 619 10 00 (fax)
More information about the Users
mailing list