Home/ Questions/Q 7876257
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T03:08:26+00:00

I am trying to write a login function with dojo. In my case, I

  • 0

I am trying to write a login function with dojo. In my case, I need a post request to a extern (!!) server in this case:

login is defined as followed:

login

Login is a special action, not handling any data, but authenticating a user. A POST request is to be made, containing a json object with keys ’email’ and ‘password’. The return value is either true or false. A special Cookie is returned for further identification.

Valid API Calls

URL: /api/login

Method: POST

Fields:

email

password

Description: Returns all data for the logged in user in PLIST format. if login fails, false is returned in PLIST format.

Well, I tried to solve that problem with a io.iframe.send call, but i get the following error: Error: Permission denied to access property ‘getElementsByTagName’

However, I am even not sure, if io.iframe is the correct way to solve my problem.

Perhaps you can help me
Thanks a lot

PS: My current code looks like this:

function login(){
    require(["dojo/io/iframe", "dojo/dom"], function(iframe, dom){
        var email = dom.byId("logEmail").value;
        var password = dom.byId("logPassword").value;

        function JSONreq(){

            var jsonpArgs = {
                method: 'POST',
                handleAs:"json",
                content:{
                    email: email,
                    password: password

                },
                url: "http://---someServerThatIDontWantToName---/api2/login",
                load: function (response, ioargs){
                    //console.log(response)
                    alert('succes');
                },
                error: function(response, ioargs){
                    alert("error");
                }
            };
            iframe.send(jsonpArgs);
        }
        dojo.ready(JSONreq);

    });
};

is there any difference in mobile development? cross server post requests should be possible on a mobile device.

so: can i use io.iframe.send for this reason?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Anser in short is, you cannot at any given time use POST request on a X-domain via browser client. Reason is, the DOM is protected on another namespace and what is happening through io.iframe is;

    1. establish GET request
    2. find form, check foreach (local) name/value content keypair if (remote) input exists
      • if not exists, create as such: dojo.create("input", {type: "hidden", name: name, value: value}, fn);
      • else if it does, set the value on form.element-of-name.

    So, first of all DOM lookup will fail in 2) due to security restrictions, meaning ‘not exists’, then in turn, 2.1) dojo.create will fail with same reason.

    Typical workarounds are

    1. Open GET method in your x-domainserver/api/login (set url: prefix + dojo.formToQuery(form)
    2. Create an in which url refreshes on a polling interval, making login keep-alive

    3. Create a ‘jumphost’ on your samehost-server/api/login/passthrough which serverside does POST to x-domainserver/api/login, then returns result. Giving PHP solution for this

      $allowedDomains = array(
      “http://facebook.whatever.org/”,
      “http://yournavigation.org/”);

      // The target request uri on x-domain, say “form action”
      $action = $_REQUEST[“url”];

      // Method only looks for POST and defaults GET
      $method = $_REQUEST[“method”];

      // Query placeholder, filled by rolling through _REQUEST, will append all but method / url pairs
      $fields = “”;

      // Authorize against allowedDomains or die

      foreach ($allowedDomains as $domain) {

      if (strpos(substr($action, 0, strlen($domain)), $domain) !== false) {
header("HTTP/1.0 403 Forbidden");
die("Domain name "".$action."" not allowed. Access denied.");
flush();
}

      }

      if (count($_REQUEST) > 2) {

      foreach ($_REQUEST as $key => $value) {

    if ($key != "url" && $key != "method") // append anything but url and method
        $fields .= $key . "=" . rawurlencode($value) . "&";
}

      }
      $fields = substr($fields, 0, strlen($fields) – 1);

      // Setup curl
      $ch = curl_init();
      if (strtoupper($method) == “POST”) {
      curl_setopt($ch, CURLOPT_URL, $action);
      curl_setopt($ch, CURLOPT_POST, 1);
      curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
      } else {
      curl_setopt($ch, CURLOPT_URL, $action . “?” . $fields);
      }
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
      curl_setopt($ch, CURLOPT_USERAGENT, “transport.php (CURL)”);

      // Send, catch returning response and close
      $response = curl_exec($ch);
      $info = curl_getinfo($ch);
      curl_close($ch);

      // Reply response to client XHR
      header(“Content-type: “.$info[“content_type”]);
      echo $response;

    • 0