[mashup-dev] WSAS Prominent Network Interface
Re-direction inherited in the Mashup Server
saminda abeyruwan
saminda at wso2.com
Fri Jun 1 08:54:08 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
In WSAS, we are enforcing this due to "Same Origin Policy:
Protecting Browser State from Web Privacy Attacks". This has been
enforced in Firefox 1.5 onwards.
For more info please refer to
http://kb.mozillazine.org/Security_Policies
Thus, simply, if your machine has assigned an IP, Firefox doesn't allow
you to fetch data from XMLHttpRequest, if loopback address is used.
The work around to these problems has been a simple redirection to the
prominent address.
We didn't experience SOP problems in IE6 and IE7. (I'm a Linux guy :) ) .
Thank you
Saminda
Tyrell Perera wrote:
> Hi all,
>
> I have noticed that since the Mashup Server is based on WSAS, it
> redirects calls to the loopback address, to the prominent interface IP.
> In other words, a user can not use 127.0.0.1 or localhost to connect to
> the Mashup server.
>
> Since we are planning on allowing the users to install the server
> locally in their individual machines, is this a vice approach?
>
> Consider a scenario where a user logs to a corporate network using DHCP.
> This means his machine will have a dynamically allocated IP while on the
> network and 'no IP' while disconnected. If this user tries to work on
> the Mashup server while he is disconnected (i.e.; at home), he might not
> be able to do so.
>
> I'm sure there is a valid reason behind the usage of this approach in
> WSAS. But is it absolutely necessary on the Mashup server?
>
> Thanks,
>
> Tyrell
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGYEEgYmklbLuW6wYRAkcxAJ9pcOi5+RCRaBBYRszu6CIU2GJIvgCfeVL5
7Nv0ai/4328O3iunZPYqS0c=
=u4eD
-----END PGP SIGNATURE-----
More information about the Mashup-dev
mailing list