All geek questions in one place

Luracast Restler Callback Option for Cross-Domain AJAX

I use Restler to implement a simple REST API. Now, if I need to use this API through AJAX from another domain, I will need to send a callback parameter along with my requests. Is there any support for this in Restler (I haven't found any real documentation yet)?

+6
source share
3 answers

For everyone who came to this page from Google, I sent a question to github and received excellent support from the author. It turns out that this is pretty trivial to implement if you are familiar with how Restler is created.

From https://github.com/Luracast/Restler/issues/17

<?php //jsonpformat.php class JsonpFormat implements iFormat { const MIME = 'text/javascript'; const EXTENSION = 'js'; /* * JsonFormat is used internally * @var JsonFormat; */ public $jsonFormat; public static $functionName = 'parseResponse'; public function __construct() { $this->jsonFormat = new JsonFormat (); if (isset ( $_GET ['jsonp'] )) { self::$functionName = $_GET ['jsonp']; } } public function getMIMEMap() { return array (self::EXTENSION => self::MIME ); } public function getMIME() { return self::MIME; } public function getExtension() { return self::EXTENSION; } public function encode($data, $human_readable = FALSE) { return self::$functionName . '(' . $this->jsonFormat->encode ( $data, $human_readable ) . ');'; } public function decode($data) { return $this->jsonFormat->decode ( $data ); } public function setMIME($mime) { //do nothing } public function setExtension($extension) { //do nothing } } ?>

This should be saved in the same directory as the restler.php file. After that, edit your gateway (index.php) to include this file and add it as a supported format. Example:

 <?php require_once '../../restler/restler.php'; #set autoloader #do not use spl_autoload_register with out parameter #it will disable the autoloading of formats spl_autoload_register('spl_autoload'); $r = new Restler(); $r->setSupportedFormats('JsonpFormat','JsonFormat', 'XmlFormat'); $r->addAPIClass('BMI'); $r->handle(); ?>
+5
source

This worked for us: header ('Access-Control-Allow-Origin: *');

Add this to the controller method before returning for one endpoint to the constructor of the controller class for all endpoints in this branch or higher to allow it on the site.

If you allow certain sites to access the usage header ("Access-Control-Allow-Origin: example.com") or something like the header ("Access-Control-Allow-Origin:". $ Remote_domain). Where $ remote_domain is set dynamically based on some transferred in the token or such. Check out Cross-Resource Access (CORS) to limit your use of * wildcard characters.

 <?php class Say { __construct(){ header('Access-Control-Allow-Origin: *'); //Here for all /say } function hello($to='world') { header('Access-Control-Allow-Origin: *'); //Here for just /say/hello return "Hello $to!"; } }

The above works for GET and POST, other actions require some additional header information from the restler. Here are some examples:

header ('Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS'); header ('Access-Control-Allow-Headers: whatever_headers_you_allow, header1, header2');

For IE9 and below, you will need a JSONP hacker. Restler has an example of extending the iFormat class to port the JASONP interface to an API.

Check out Mozilla hacks for more information on CORS. http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/ And check the OPTIONS in the PHP REST API

+1
source

I will add that if for some reason you do not want to use JSONP, you can simply add:

 header('Access-Control-Allow-Origin: *');

for the first punkael answer (he did not indicate where to do this in Rester). Add this line to restler.php in the sendData ($ data) function, where Restler appends header data to the response. It starts at line 378.

Be careful as this will allow any domain to capture data from your API.

0
source

Source: https://habr.com/ru/post/901448/

More articles:


All Articles