summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLeif Johansson <leifj@sunet.se>2011-06-13 11:17:27 +0200
committerLeif Johansson <leifj@sunet.se>2011-06-13 11:17:27 +0200
commit13302bef1c1ae719a03d698f75e86cdab234a402 (patch)
tree6c6f06d581244a7a1f1526e4e7ea27b1f3f317af /src
parent69d15e96926819f2136d626041d850f36df67a88 (diff)
xdomain magic?
Diffstat (limited to 'src')
-rw-r--r--src/meetingtools/django-crossdomainxhr-middleware.py44
-rw-r--r--src/meetingtools/settings.py1
-rw-r--r--src/site-media/js/jquery.meetingtools.js2
3 files changed, 46 insertions, 1 deletions
diff --git a/src/meetingtools/django-crossdomainxhr-middleware.py b/src/meetingtools/django-crossdomainxhr-middleware.py
new file mode 100644
index 0000000..f525b9a
--- /dev/null
+++ b/src/meetingtools/django-crossdomainxhr-middleware.py
@@ -0,0 +1,44 @@
+import re
+
+from django.utils.text import compress_string
+from django.utils.cache import patch_vary_headers
+
+from django import http
+
+try:
+ import settings
+ XS_SHARING_ALLOWED_ORIGINS = settings.XS_SHARING_ALLOWED_ORIGINS
+ XS_SHARING_ALLOWED_METHODS = settings.XS_SHARING_ALLOWED_METHODS
+except:
+ XS_SHARING_ALLOWED_ORIGINS = '*'
+ XS_SHARING_ALLOWED_METHODS = ['POST','GET','OPTIONS', 'PUT', 'DELETE']
+
+
+class XsSharing(object):
+ """
+ This middleware allows cross-domain XHR using the html5 postMessage API.
+
+
+ Access-Control-Allow-Origin: http://foo.example
+ Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
+ """
+ def process_request(self, request):
+
+ if 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' in request.META:
+ response = http.HttpResponse()
+ response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
+ response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
+
+ return response
+
+ return None
+
+ def process_response(self, request, response):
+ # Avoid unnecessary work
+ if response.has_header('Access-Control-Allow-Origin'):
+ return response
+
+ response['Access-Control-Allow-Origin'] = XS_SHARING_ALLOWED_ORIGINS
+ response['Access-Control-Allow-Methods'] = ",".join( XS_SHARING_ALLOWED_METHODS )
+
+ return response \ No newline at end of file
diff --git a/src/meetingtools/settings.py b/src/meetingtools/settings.py
index 8835de9..7c7cc41 100644
--- a/src/meetingtools/settings.py
+++ b/src/meetingtools/settings.py
@@ -80,6 +80,7 @@ TEMPLATE_LOADERS = (
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'meetingtools.urlmiddleware.UrlMiddleware',
+ 'meetingtools.django-crossdomainxhr-middleware.XsSharing',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.RemoteUserMiddleware'
diff --git a/src/site-media/js/jquery.meetingtools.js b/src/site-media/js/jquery.meetingtools.js
index 1453226..0293548 100644
--- a/src/site-media/js/jquery.meetingtools.js
+++ b/src/site-media/js/jquery.meetingtools.js
@@ -13,7 +13,7 @@ jQuery.fn.meetingtools = function(options) {
}
var url = url+'/room/+'+tags+'.json';
var div = $(this);
- $.getJSON(url,function(data) {
+ $.getJSON(url+"?jsoncallback=?",function(data) {
html = "<ul class=\"meeting-list\">";
$.each(data,function(i,room) {
html += "<li class=\"meeting\"><h4>"+room['name']+"</h4><div class=\"meeting-info\">";