DOAP - Remote Abstract Data Access Protocol by Dave

<< Synchronous RequestsContents 

Additional Topics

The DOAP.nocache Property

To avoid browsers caching the response of what they think is the same request to the DOAP server DOAP can append a random alphanumeric string to the request URL.

This is controlled with the bool property DOAP.nocache - if true (which it is by default) the string is appended as the URI variable nc, if it is false then no additional string is appended to the URL.

Debugging Requests

It is possible to manually navigate to a DOAP Server URL in a browser to examine the XML output first hand.

The DOAP request is made up in the query string as a series of variables.

Specifically: So an example URL to call the DOAP function addition() with the first parameter of 1 and the second parameter of 2 would be:


As DOAP uses XMLHTTP some browsers (currently IE but probably others in future) will display a security warning if the request is sent to a different domain than the web page is hosted on.

Unless you want to get users to whitelist the site or page then it's suggested you host your client page on the same domain that the client is served from.

Of course the standard rules apply with regard to dealing with user content and you have to assume that ANY of your DOAP methods on the server can be called maliciously (the same as any PHP script with exposed functionality).

It's therefore up to you to check input, sanitise as appropriate and secure any restricted areas through the use of tokens/SIDs/cookies passed as part of the parameters.

<< Synchronous RequestsContents