Comments on: AJAX Cross Domain Proxy

By: Lars

Lars — Fri, 01 Aug 2008 14:22:42 +0000

Hi Iacovos,

Thanks for this handy example. I am using it in my prototype web app (a gmaps mashup).

Re: 13, it seems like it would be useful for $valid_requests to be an array of domains, or hostnames, or URL prefixes, or match patterns, so that they're more general than exact URLs. Is there much security risk in just specifying the hosts (or domains) that can be proxied to?

Lars

By: Silverlight Networking - Using a proxy to overcome cross-domain-scripting troubles » Mark Monster

Tue, 29 Jul 2008 10:02:00 +0000

[…] tested this proxy, written in PHP. It works for me because I’ve got a Webhost that supports PHP and no ASP.NET. I’ve […]

By: Iacovos

Iacovos — Sat, 14 Jun 2008 05:37:26 +0000

ONi, thanks a lot. Regarding your little modification, that was not necessary. You could simply set the value of CSAJAX_FILTERS to false (line #13). However, you (not just you, but everyone) must understand the security issue behind the filtering option. By disabling the filtering option, the ajax-proxy script can serve as an open, proxy script and anyone could use it to request any page. I am not going further and analyze how someone could take advantage of it; if anyone has more questions, feel free to contact me.

By: ONi

ONi — Fri, 13 Jun 2008 11:21:47 +0000

Iacovos: Sir, you are a genious!! this is exactly what I was looking for and works like charm. I made a little modification though, to the issue in the comment #2, I added $_GET['csurl'] to the list of $valid_requests, so on, any URL that you try to get will be a valid request, hope this works for everyone!.

By: Iacovos

Iacovos — Mon, 07 Apr 2008 07:01:13 +0000

Al, you need to enable curl module in PHP.

By: Al

Al — Sat, 29 Mar 2008 21:57:09 +0000

I get… Fatal error: Call to undefined function curl_init() in C:\root\www\crosssdomainajax\ajax-proxy.php on line 67

By: Iacovos

Iacovos — Sun, 30 Dec 2007 18:48:20 +0000

fedmich, did you modify the ajax-proxy.php to work with fopen etc? If yes, it would be nice if you could provide me your changes, integrate them into the current script and finally release an updated version that works with both approaches!

Happy New Year!

By: fedmich

fedmich — Sun, 30 Dec 2007 02:50:10 +0000

great...

useful but the curl on my site isn't enabled... so Im using other means of retrieving websites like fopen()

for asp code, I had something like this before, just dont remember on which website did I used this for

Cheers and Happy New Year

By: kevin

kevin — Mon, 10 Dec 2007 03:20:36 +0000

it’s a pity, though really useful, there is no demo proxy developed in asp , for which i am dying . still thanks a lot.

By: sanjay

sanjay — Fri, 26 Oct 2007 15:36:09 +0000

i am not getting any response nor any error after adding the domains to the array list on php file.. Could you please help!!