+

Search Tips   |   Advanced Search

HTTP proxy for Ajax applications, also known as Ajax Proxy


Ajax enables web pages to load data or markup fragments from a server using asynchronous requests. These requests are processed in the background and do not interfere with the web page displayed in the browser. When we use Ajax, the web application exchanges only small amounts of data between the server and the client. Therefore, it refreshes only small parts of the markup. Ajax is useful for building mashups. Content can consist of RSS or Atom feeds or other data retrieved from external REST services.

To prevent cross-site scripting attacks in such web applications, browsers introduced the so called same-origin policy. This policy prevents client side scripts, in particular JavaScript, from loading content from an origin that has a different protocol, domain name, or port. To overcome this restriction, some browser vendors offer solutions based on signed scripts. However, using a signed script does not mean that a script can be trusted. Another disadvantage of these browser-specific solutions is they rely on the user to configure the browser accordingly.

The solution that HCL WebSphere Portal offers is based on a server-side HTTP proxy. This proxy is named the HTTP Proxy for Ajax Applications, or also known as the Ajax Proxy. The underlying security model allows administrators to restrict access to trusted origins in a flexible way. The Ajax Proxy can be used for developing themes, skins, static pages, or portlets.

See: The programming model for using the AJAX proxy


Outbound HTTP connections

In HCL WebSphere Portal v8.0 and earlier versions, outbound HTTP connections were accessible through the Ajax Proxy service. The Ajax Proxy service was configured by a configuration document in the web module using the Ajax Proxy service...

    web_module/WEB-INF/proxy-config.xml

Starting with HCL WebSphere Portal v8.5, and the new outbound connection service, the configuration of outbound HTTP connections is now part of the standard datastore-based portal configuration.


Parent Outbound HTTP connection