Modified: jquery/jquery.xsajax.html =================================================================== --- jquery/jquery.xsajax.html 2007-04-13 14:39:58 UTC (rev 36) +++ jquery/jquery.xsajax.html 2007-04-13 17:18:08 UTC (rev 37) @@ -3,6 +3,9 @@ jQuery XS AJAX Plugin +

jQuery XS AJAX Plugin

@@ -11,7 +14,7 @@ It is well known that with the help of a dynamically generated DOM node corresponding to a XHTML <script> - element one can achieve a portable cross-site (XS) variation + element, one can achieve a portable cross-site (XS) variation of an AJAX-style client-server communication as the <script> element is not staying under the "same-origin security policy" which restricts all the regular @@ -23,10 +26,12 @@ hrf="jquery.xsajax.js">jquery.xsajax.js is a jQuery plugin, providing an abstraction layer for this functionality by resembling the - standard AJAX-based jQuery.getScript(url, callback) function with a - companion jQuery.getScriptXS(url, callback) function. + standard AJAX-based jQuery.getScript(url, callback) + function with a companion jQuery.getScriptXS(url, + callback) function. -

Hints

+ Notice 1: the point of this plugin is not the bare dynamic generation of the <script>. The point is that a callback function is executed once the script was @@ -43,19 +48,22 @@ customer login form. Once the customer was authenticated, a cookie containing a "certificate" should be set. Setting this for ".example.com" is trivial, but how do you at the - same time set it for all three domains? The solution is - this: www.example.com/login uses jQuery.getScriptXS() to - send the issued "certificate" via a query string to both - www.example.net/reflector and www.example.org/reflector. - Behind those URLs a small CGI just converts the "certificate" - in the query string into a corresponding HTTP response cookie - (now for its own domain!) and returns even a possibly empty - JavaScript script. Once www.example.com/login has received the - two final notification (via the callback function) that both - scripts were loaded, it knows that the two third-party cookies - were set and can proceed by forwarding to the next page in - sequence. Last hint: keep P3P in mind for MSIE when setting - the cookie in the HTTP response ;-) + same time set it for all three domains? + +

+ The solution is this: www.example.com/login uses + jQuery.getScriptXS() to send the issued "certificate" + via a query string to both www.example.net/reflector and + www.example.org/reflector. Behind those URLs a small CGI + just converts the "certificate" in the query string into a + corresponding HTTP response cookie (now for its own domain!) + and returns even a possibly empty JavaScript script. Once + www.example.com/login has received the two final notification + (via the callback function) that both scripts were loaded, it + knows that the two third-party cookies were set and can proceed + by forwarding to the next page in sequence. Last hint: keep P3P + in mind for MSIE when setting the cookie in the HTTP response + ;-)

Example

@@ -62,19 +70,19 @@

http://www.example.com/test.html:

-            <script type="text/javascript">
-               jQuery.$foo = "bar";
-               alert("jQuery.$foo="+jQuery.$foo);
-               jQuery.getScriptXS(
-                   "http://www.example.net/test.js",
-                   function () { alert("jQuery.$foo="+jQuery.$foo); }
-               );
-            </script>
+<script type="text/javascript">
+   jQuery.$foo = "bar";
+   alert("jQuery.$foo="+jQuery.$foo);
+   jQuery.getScriptXS(
+       "http://www.example.net/test.js",
+       function () { alert("jQuery.$foo="+jQuery.$foo); }
+   );
+</script>

http://www.example.net/test.js

-              jQuery.$foo = "quux";
+jQuery.$foo = "quux";