Skip to main content

YUI Cross-Domain transactions without Flash

Recently I've worked on the application making cross-domain ajax calls with YUI. While YUI offers io-xdr module for making cross-domain requests via Flash transport, it seems to me quite unnatural as it leads to unnecessary complexity. Moreover, io-xdr was marked deprecated several months ago without explicit mentioning the preferred way. An obvious alternative is using XMLHttpRequest as a transport for cross-domain requests. However, it has some limitations and undocumented pitfalls that I'd like to review in this post.
  1. Cross-Domain request using XMLHttpRequest.
  2. YUI IO Utility.
  3. YUI Datasource IO.
Cross-Domain request using XMLHttpRequest
Cross-domain requests can be sent using a common XMLHttpRequest object. The only requirement is that the server must be configured to properly handle those requests. Specifically, it should set the Access-Control-Allow-Origin response header according to Cross-Origin Resource Sharing specification. For more details and good tutorials you can refer to Mozilla documentation.

YUI IO Utility
When I've tried to create a cross-domain request with YUI IO Utility, I've got the following JavaScript error:
OPTIONS https://request-url Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. io-base.js:731
XMLHttpRequest cannot load https://request-url. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. 
Apparently, YUI IO Utility sends a preflight OPTIONS request first due to the X-Requested-With header. It looks like a recurring bug in YUI that seems to have been fixed. Anyway there is a guaranteed way to resolve this issue as you can unset headers since YUI 3.3.0. An example:
Y.io(remote_resource_uri, {
    headers: {
        'X-Requested-With': 'disable'
    }
});

YUI Datasource IO
As soon as you've found the above solution, it's easy to make Datasource.IO working with cross-domain requests. You just need to provide the optional ioConfig parameter to the datasource constructor:
var ds = new Y.DataSource.IO({
    source: remote_resource_uri,
    ioConfig: { 
        headers: { 
            'X-Requested-With': 'disable' 
        } 
    }
});

Comments

Popular posts from this blog

DynamicReports and Spring MVC integration

This is a tutorial on how to exploit DynamicReports reporting library in an existing  Spring MVC based web application. It's a continuation to the previous post where DynamicReports has been chosen as the most appropriate solution to implement an export feature in a web application (for my specific use case). The complete code won't be provided here but only the essential code snippets together with usage remarks. Also I've widely used this tutorial that describes a similar problem for an alternative reporting library. So let's turn to the implementation description and start with a short plan of this how-to: Adding project dependencies. Implementing the Controller part of the MVC pattern. Modifying the View part of the MVC pattern. Modifying web.xml. Adding project dependencies I used to apply Maven Project Builder throughout my Java applications, thus the dependencies will be provided in the Maven format. Maven project pom.xml file: net.sourcefo

Using Oracle impdp utility to reload database

Here I'll show an example of using Oracle Data Pump Import (impdp) utility. It allows importing Oracle data dumps. Specifically, below is the list of steps I used on an existing Oracle schema to reload the data from a dump. Steps to reload the data from an Oracle dump We start with logging into SQL Plus as sysdba to be able to manage users. sqlplus sys/password@test as sysdba Dropping the existing user. CASCADE clause will ensure that all schema objects are removed before the user. SQL> DROP USER test CASCADE; Creating a fresh user will automatically create an empty schema with the same name. SQL> CREATE USER test IDENTIFIED BY "testpassword"; Granting DBA role to the user to load the dump later. Actually, it's an overkill and loading the dump can be permitted using a more granular role IMP_FULL_DATABASE . SQL> GRANT DBA TO test; Registering the directory where the dump is located. SQL> CREATE DIRECTORY dump_dir AS '/home/test/dumpd

Connection to Amazon Neptune endpoint from EKS during development

This small article will describe how to connect to Amazon Neptune database endpoint from your PC during development. Amazon Neptune is a fully managed graph database service from Amazon. Due to security reasons direct connections to Neptune are not allowed, so it's impossible to attach a public IP address or load balancer to that service. Instead access is restricted to the same VPC where Neptune is set up, so applications should be deployed in the same VPC to be able to access the database. That's a great idea for Production however it makes it very difficult to develop, debug and test applications locally. The instructions below will help you to create a tunnel towards Neptune endpoint considering you use Amazon EKS - a managed Kubernetes service from Amazon. As a side note, if you don't use EKS, the same idea of creating a tunnel can be implemented using a Bastion server . In Kubernetes we'll create a dedicated proxying pod. Prerequisites. Setting up a tunnel.