[mashup-dev] WSAS Prominent Network Interface Re-direction inherited in the Mashup Server

Tyrell Perera tyrell at wso2.com
Fri Jun 1 09:54:51 PDT 2007 

On Fri, 2007-06-01 at 21:24 +0530, saminda abeyruwan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> In WSAS, we are enforcing this due to "Same Origin Policy:
> Protecting Browser State from Web Privacy Attacks". This has been
> enforced in Firefox 1.5 onwards.
> 
> For more info please refer to
> http://kb.mozillazine.org/Security_Policies
> 
> Thus, simply, if your machine has assigned an IP, Firefox doesn't allow
> you to fetch data from XMLHttpRequest, if loopback address is used.

I was wondering of a 'possible' scenario (specific to mashup server),
where a user does not have an assigned IP in his local machine. Does
firefox allow the use of loopback address then?

A workaround would be to manually set a static IP (and it works). But I
was wondering whether there is a way to detect this scenario without
user intervention.

Thanks,

Tyrell


> 
> The work around to these problems has been a simple redirection to the
> prominent address.
> 
> We didn't experience SOP problems in IE6 and IE7. (I'm a Linux guy :) ) .
> 
> Thank you
> 
> Saminda
> 
> 
> Tyrell Perera wrote:
> > Hi all,
> > 
> > I have noticed that since the Mashup Server is based on WSAS, it
> > redirects calls to the loopback address, to the prominent interface IP.
> > In other words, a user can not use 127.0.0.1 or localhost to connect to
> > the Mashup server.
> > 
> > Since we are planning on allowing the users to install the server
> > locally in their individual machines, is this a vice approach?
> > 
> > Consider a scenario where a user logs to a corporate network using DHCP.
> > This means his machine will have a dynamically allocated IP while on the
> > network and 'no IP' while disconnected. If this user tries to work on
> > the Mashup server while he is disconnected (i.e.; at home), he might not
> > be able to do so.
> > 
> > I'm sure there is a valid reason behind the usage of this approach in
> > WSAS. But is it absolutely necessary on the Mashup server?
> > 
> > Thanks,
> > 
> > Tyrell
> > 
> > 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFGYEEgYmklbLuW6wYRAkcxAJ9pcOi5+RCRaBBYRszu6CIU2GJIvgCfeVL5
> 7Nv0ai/4328O3iunZPYqS0c=
> =u4eD
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Mashup-dev mailing list
> Mashup-dev at wso2.org
> http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev

-- 
Tyrell Perera
Senior Software Engineer; WSO2, Inc.; http://www.wso2.com/
email: tyrell at wso2.com; cell: +94 77 302 2505

"Oxygenating the Web Service Platform."

More information about the Mashup-dev mailing list