How to cross-domain in HTML5, Javascript API

Permanently deleted user

February 08, 2014 00:11

Hi,

I'm new in Geocortex Essentials. I want to access to site resource from another host ( for example access from client.domain.com to server.domain.com like below: http://client.domain.com/ResultMappings/index.html?configBase=http://server.domain.com/Geocortex/Essentials/REST/sites/ResultMappings/viewers/ResultMappings/virtualdirectory/Resources/Config/Default) 

 

but the map is blank and the below error message appear:

Geocortex: Could not load configuration file.

 

RequestError: Unable to load http://server.domain.com/Geocortex/Essentials/REST/sites/ResultMappings/viewers/ResultMappings/virtualdirectory/Resources/Config/Default/Desktop.json.js status: 0

 

The resource from this URL is not text: http://js.arcgis.com/3.8/

I know it's basically a security issue, according to this article https://support.geocortex.com/map-does-not-appear-in-silverlight-or-flex-viewer

 

I have config “crossdomain.xml” and “clientaccesspolicy.xml” to allow any application to access the data on the host server but it doesn’t work. 

 

Can anyone let me know how to config cross domain in HTML5 - Javascript API ?

Any help would be greatly appreciated

 

Regards,

 

HD

 

 

0

• 

  Permanently deleted user

  February 08, 2014 00:45

  Hi Huy,

   

   See the section called "Set Up a Proxy Page" in Geocortex Viewer for HTML5 Installation Guide or the Geocortex Viewer for HTML5 Administrator and Developer Guide. The crossdomain.xml and clientaccesspolicy.xml are only used by the Silverlight or Flex viewers.

  regards,

   

  Edmond

  0
• 

  Permanently deleted user

  February 08, 2014 01:51

  The viewer does not load configuration across domains for security reasons. If it did, I could craft a malicious link like https://yourserver/viewer.html?configBase=https://myserver/malicious.json. If you were to click on that link, my malicuous configuration and/or code would be running in the context of https://yoursever, allowing me to access cookies, locally stored data, and potentially even authentication materials if you happen to log in to a secured Site.

  The ideal setup is to host the viewer on the same domain as Essentials. They are both web-tier applications, and it avoids a lot of security constraints.

  If you simply must host the viewer on a separate domain, you can add a rule to proxy.config for the other domain and prefix your configuration URL with the proxy. For example:

  http://client.domain.com/ResultMappings/index.html?configBase=proxy.ashx? http://server.domain.com/Geocortex/Essentials/REST/sites/ResultMappings/viewers/ResultMappings/virtualdirectory/Resources/Config/Default

  0
• 

  Permanently deleted user

  February 08, 2014 21:41

  Thanks Edmond,  Jason !

  I will give it a try.

  HD

  0

Please sign in to leave a comment.