XMLHttpRequest to a different server

HCL Domino Domino Forum
1

Hi,

Is the below possible?

This agent runs on one server and the view I want to do the lookup is on another server.

Both servers are in the same domain. But server1 with the script are in the dmz while the other is inside the firewall.

After the alert(“1”) it stops saying no access. anonymous access is set to no access so I guess I would have to login with a username/pwd. But if I do it will be visible and security lower.

How could I solve a typeahead lookup like this when the user runs the code on one server and the lookup view is on another?

Many thanks in advance.

Staale

var xmlReq;

var curEntryStr;

var returnField;

var evt; // a generic variable to handle the keystroke events

// STEP 1: Typing in the field calls doTypeAheadField(this)

function doTypeAheadField(fieldObj, evt,nab) {

evt = (evt) ? evt : (window.event) ? window.event : "";

returnField = fieldObj;

var keyNum = evt.keyCode;

var itemName = fieldObj.name;

if (keyNum == 40 && tsGetItemValue(fieldObj)[0] != ""){

	// the down arrow was pressed

	goToTypeAheadList(itemName);

} else if (keyNum == 13 || keyNum == 27 || keyNum == 188) {

	checkForEnterEsc(keyNum);

} else 	if (isCharacterKeystroke(keyNum)) {

	// only do all this if it's an allowable keystroke (skip arrows, enter, etc.)

	var fieldVal = tsGetItemValue(fieldObj);

	// curEntryStr = characters entered right of the comma, if there is one.

	curEntryStr = (fieldVal[0].lastIndexOf(",") > -1) ? tsTrim(tsRightBack(fieldVal, ","))[0] : fieldVal;

	//alert(curEntryStr);

	if (fieldVal[0] == ""){

		// the field is blank. Hide the type-ahead

		document.getElementById(itemName + "TAOutput").style.display = "none";

	} else {

		// the field has a value. compute and show applicable type-ahead options

		// Do AJAX call

		createXMLHttpRequest("callback", "http://servername/database.nsf/view?readviewentries&startkey=" + curEntryStr);

	}

}

}

// STEP 2: This calls asynchronous XML retrieval

function createXMLHttpRequest(responseFunction, url) {

if (window.ActiveXObject) {

	xmlReq = new ActiveXObject("Microsoft.XMLHTTP");

} else if (window.XMLHttpRequest) {

	xmlReq = new XMLHttpRequest();

}



alert("1");

xmlReq.open("Get", url, false, "", "" );

alert("2");

xmlReq.onreadystatechange = eval(responseFunction);

xmlReq.send(null);

}

2

Subject: XMLHttpRequest to a different server

Staale,

It doesn’t look like you provided a complete code sample. Some functions are missing, such as goToTypeAheadList(), checkForEnterEsc(), and isCharacterKeystroke().

What you are trying to do may classify as cross-server scripting, a capability that has been exploited by hackers. The problem could be that your web browser is stopping you. There may be a setting/preference somewhere that you could change to allow it to occur, but all users would be affected.

My first suggestion is to find out if what you want to accomplish is possible by opening up access to the DB on the other server. Allow anonymous/default users to read public documents in the DB ACL. Then allow the view to accept public access users. Test that you have relaxed security by simply trying to open the view in a web browser without signing into the server. Once that works, try running your program.

Ken

3

Subject: XMLHttpRequest to a different server

You will need to set up single sign-on (SSO) between the two servers.