All, Just as an aside, since my code is running on an apache server, I set up Apache a proxy server so that to the browser it looks like its on the same machine.
As Florian mentioned, if the CMIS repo supported JSOP [ours doesnt'] there are some other tricks that can be utilized to work around the browser's security model. Here is overall movement to allow CORS in some fashion: http://enable-cors.org/ In our case since everything is within our control using Apache as a proxy works for us. Thanks, Ron DiFrango ________________________________________ From: Florian Müller [[email protected]] Sent: Saturday, February 16, 2013 5:36 AM To: [email protected] Cc: [email protected] Subject: Re: Javascript Library? Hi Peter, The browser binding defines its own mix of JSONP and tokens to get around the same-origin-policy. There is sample code in the OpenCMIS server package that makes use of postMessage to securely exchange tokens between the repository and the client. But this is just one way to implement it. When we discussed this binding, CORS was not or not sufficiently supported by some browsers and therefore not an option. We wanted an approach that works with all (modern) browsers. If browser and repository both support CORS the browser binding approach still works, but the underlying implementation can be much simpler. Florian > G'day Florian, > > Are you saying the browser binding does something itself to get around the > browser single-origin sandbox, or does the CMIS server need to support > additional mechanisms (e.g. CORS [1]) in order for this to work? > > Cheers, > Peter > > [1] http://www.w3.org/TR/cors/ > > > > > > > On Feb 15, 2013, at 11:02 AM, Florian Müller<[email protected]> wrote: > >> Hi Ron, >> >> The CMIS 1.1 Browser Binding has been designed to host a JavaScript >> application on a different host/domain than the CMIS repository. >> The spec defines how to get and send data and content from and to the >> repository, how to login a user, how to prevent CSRF issues, etc. with just >> plain JavaScript. A library like jQuery makes it easier, but is not required. >> >> With the Browser Binding it is possible to create a JavaScript application >> and later hook it up any CMIS 1.1 compliant repository wherever it is hosted. >> >> >> Florian >> >> >>> Thanks Jeff/Florian. I figured as much but wanted to ask to make sure >>> that my Google searches weren't failing me. >>> >>> I think the trick with JS is that typically you can't post back to a >>> server other than your own so this would have to live on the same server >>> as the CMIS repo does which in my case may not be true. >>> >>> Ron DiFrango >>> Director / Architect | CapTech >>> (804) 855-9196 | [email protected] >>> <https://email4.captechventures.com/owa/UrlBlockedError.aspx> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> >>> On 2/15/13 1:42 PM, "Jeff Potts"<[email protected]> wrote: >>> >>>> Ron, >>>> >>>> I don't think this has moved much in a few years, but you might look to >>>> see if any of it is useful: >>>> https://github.com/apache/chemistry-jsclient >>>> >>>> Jeff >>>> >>>> On Feb 15, 2013, at 11:57 AM, Florian Müller wrote: >>>> >>>>> Hi Ron, >>>>> >>>>> There are some bits and pieces, but no, there is no JavaScript library >>>>> and as far as I know there are no plans to create one. >>>>> >>>>> >>>>> Florian >>>>> >>>>> >>>>>> All, >>>>>> >>>>>> Is there an official Chemistry Javascript library available? If not >>>>>> are there plans to create one? >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Ron DiFrango >>>>>> Director / Architect | CapTech >>>>>> (804) 855-9196 | >>>>>> [email protected]<https://email4.captechventures.com/owa/U >>>>>> rlBlockedError.aspx> >>>>>> >>> > >
