?

Log in

No account? Create an account
Ramblings Journals I Read Calendar The Dirt MegaZone's Waste of Time Older Older Newer Newer
Looking for a little JavaScript advice - MegaZone's Safety Valve
The Ramblings of a Damaged Mind
zonereyrie
zonereyrie
Looking for a little JavaScript advice
OK. So our payment system uses a desktop wallet for the consumer, which sits and listens on port 8129. The problem there is that when the payment form posts to localhost;8129 and the wallet isn't running, you just get a browser timeout and nothing helpful.

So I'm trying to find a way to detect the wallet from the HTML document before posting - which seems to mean ECMAScript/JavaScript. After bashing on this all night I've found one method that appears to work in Mozilla, and another that works in IE - as long as the security level hasn't been cranked up. What makes this non-trivial is the security domains. Since the page will come from some merchant's server, it is in a different domain than localhost. And, to prevent hacking, browsers generally don't allow scripts from one domain to poke at another domain. Yes, I know about signed scripts - but since this will be served by any number of merchants, asking all of them to go through signing isn't really viable. And Mozilla makes you sign everything - the script, the page that loads it, etc.

Now, going forward we have an idea for a 'fix'. We can have the Wallet serve an image on request. Then you can load the image in the HTML document - and use the onerror handler to trip if the image fails to load. That's fairly trivial - but I was kind of hoping I might find something at least fairly useful to cover things until that goes through engineering, and for ongoing legacy users who won't have upgraded yet.


<html>
<head><title>Merged Test</title>
<body>
<p>This is a test.</p>
<iframe src="http://127.0.0.1:8129/wallet" width="0" height="0"
border="0" style="visibility: hidden;" id="testframe"
name="testframe"></iframe>
<script type="text/javascript">
function testWallet() {
var test;
var xmlhttp;
/*@cc_on @*/
/*@if (@_jscript_version >= 5)
try {
xmlhttp=new ActiveXObject("Msxml2.XMLHTTP")
} catch (e) {
try {
xmlhttp=new ActiveXObject("Microsoft.XMLHTTP")
} catch (E) {
xmlhttp=false
}
}
@else {
xmlhttp=false
}
@end @*/
if (xmlhttp) {
try {
xmlhttp.open("GET", "http://127.0.0.1:8129/wallet", true);
xmlhttp.onreadystatechange=function() {
if (xmlhttp.readyState==4) {
if (xmlhttp.responseText == "") {
alert("Your wallet is not running!");
}
}
}
xmlhttp.send(null);
} catch (e) {
}
}
else {
try {
IFrame = document.getElementById('testframe');
if (IFrame.contentDocument) { // Moz/Gecko
test = IFrame.contentDocument.domain;
} else {
test = "Unknown";
}
if (test == null) {
alert("Your wallet is not running!");
}
}
catch(e) {
}
}
}
setTimeout("testWallet();",500);
</script>
</body>
</html>


I know it isn't very pretty - I've been hacking on this as I go just to try things. You can hit it here. If anyone has some spare clue to throw my way, I'd appreciate it. And if you want to test it with a wallet, you can download a demo one here. (Windows only.) Or if you want, go for it and grab a real one.

I am: tired tired
Current Media: quiet office

2 STDOUT || STDIN
Comments
chiieddy From: chiieddy Date: March 30th, 2004 05:58 am (UTC) (Direct Link)
We had a problem like this locally where even two servers in the same technical domain couldn't talk to each other. There's a Javascript DOMAIN function you may wish to take a look at.
zonereyrie From: zonereyrie Date: March 30th, 2004 10:18 am (UTC) (Direct Link)
'domain' only works for pages server from the same domain but different subdomains. Say machine1.company.com and machine2.company.com. You can use domain to set both of them to do domain matching on company.com, which would put them in the same domain.

But you can only change the domain to a subpart of the existing domain - so you can never make localhost match company.com.
2 STDOUT || STDIN