Geek Answers Handbook

Implementing an HTTP proxy to overcome AJAX restrictions for cross-site requests (?)

I have a Spring-MVC webapp (3.0.5-RELEASE) that needs to access JSON web services from another webapp in another subdomain (from client / browser via AJAX).

I solved this in the past:

  • writing a simple controller that proxies requests using Apache Commons HttpClient to handle requests. Thus, overcoming the security restrictions of cross-site / cross-source requests for most browsers

  • server-side JSONP implementation (when invoking our own JSON services) - not always possible

In the case where JSONP is not possible, is there a better way to do (1.)?

and / or

Is there a library that will handle this for me? So I don’t need to write all the HttpClient code myself - there isn’t much code for it, but I wonder if I (badly) reinvent the wheel.

+6
java spring ajax spring-mvc proxy
source share
2 answers

I often had to consume third-party web services (APIs), and, as you mentioned, JSONP is not always an option. Here's how I do the design:

  • If the API is user centric, it should provide a jsonp interface and what I will use. A user reference means that you cannot perceive any reason for calling the API, perform some calculations with the response, it can be called by one of your ajax services, and then combine the response and show the user.

  • If my use case includes an API call and then a response action, such as calling additional services from my application, combining the data and showing it to the user, I would prefer not to do this in the browser. Instead, I would use RestTemplate and make api callbacks for service. In this case, there are no restrictions on the cross region.

The only case when using a proxy server to bypass jsonp is when you create a product that allows people to create custom plugins, plugins located on your page, but you need to make Ajax calls to application developers servers. This is a very important case! (As an example, consider how Apigee creates the REST Public Facing API for your existing URLs or how Zendesk allows you to develop applications)

Hope this helps.

0
source

If you use a web server such as Apache as an interface, you can simply enter the mod_rewrite or mod_proxy and ask Apache to redirect for you. There are security issues with mod_proxy on a public machine available on the Internet, but for an intranet this is not a problem. mod_rewrite is the best choice, even if spells are secret to him.

This requires that you have access to the main Apache file httpd.conf as well as the Apache mod_proxy extension loaded. Apache proxy directives are not allowed in local .htaccess , therefore this method is not the best choice for developers of shared hosting services.

 # Pass the call from http://www.yourserver.com/call to http://api.local.yahoo.com ProxyPass /call/ http://api.local.yahoo.com/ # Handle any redirects that yahoo might respond with ProxyPassReverse /call/ http://api.local.yahoo.com/

Another way to do this is to use Apache mod_rewrite using the passthru directive:

 RewriteEngine on RewriteRule ^/call/(.*)$ http://api.local.yahoo.com/$1 [P]
-one
source

More articles:


All Articles