DOAP - Remote Abstract Data Access Protocol by Dave


Additional Topics

The DOAP.nocache Property

To stop browsers from caching the response to what they think is the same request to the DOAP server, DOAP can append a random alphanumeric string to the request URL.

This is controlled by the boolean property DOAP.nocache. If it is true (which it is by default), the string is appended as the URI variable nc; if it is false, no additional string is appended to the URL.

Debugging Requests

It is possible to navigate manually to a DOAP Server URL in a browser to examine the XML output first hand.

The DOAP request is encoded in the query string as a series of variables.

Specifically:

So an example URL to call the DOAP function addition() with the first parameter of 1 and the second parameter of 2 would be:
http://server/doap.php?f=addition&p[0]=1&p[1]=2


Security

As DOAP uses XMLHTTP, some browsers (currently IE, but probably others in future) will display a security warning if the request is sent to a different domain from the one the web page is hosted on.

Unless you want to get users to whitelist the site or page, it's suggested that you host your client page on the same domain that the DOAP server is served from.

Of course, the standard rules apply with regard to dealing with user content, and you have to assume that ANY of your DOAP methods on the server can be called maliciously (the same as any PHP script with exposed functionality).

It's therefore up to you to check input, sanitise it as appropriate, and secure any restricted areas through the use of tokens/SIDs/cookies passed as part of the parameters.
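
One way to apply these checks to a request of the form shown under Debugging Requests, as an added example that is not DOAP's own code. The `EXPOSED` allowlist, `check_request()`, the `token` variable and the `deleteAccount` method are hypothetical, and all parameters are assumed to be integers.

```php
<?php
// Added example, not part of DOAP: every name below is hypothetical.
// Allowlist of callable methods: expected parameter count, and whether a token is required.
const EXPOSED = [
    'addition'      => ['argc' => 2, 'auth' => false],
    'deleteAccount' => ['argc' => 1, 'auth' => true], // hypothetical restricted method
];
// Returns [true, int[] $params] or [false, string $reason].
function check_request(array $query, string $sessionToken): array
{
    $f = $query['f'] ?? null;
    $p = $query['p'] ?? [];
    // Only allowlisted names may ever reach the dispatcher.
    if (!is_string($f) || !array_key_exists($f, EXPOSED)) {
        return [false, 'unknown function'];
    }
    // p must be exactly p[0]..p[argc-1]; gaps or extra keys are rejected.
    if (!is_array($p) || count($p) !== EXPOSED[$f]['argc']
        || array_keys($p) !== array_keys(array_values($p))) {
        return [false, 'bad parameter list'];
    }
    // p[0][x]=1 makes an element an array, so test the type before the pattern.
    foreach ($p as $value) {
        if (!is_string($value) || !preg_match('/\A-?\d{1,9}\z/', $value)) {
            return [false, 'non-integer parameter'];
        }
    }
    if (EXPOSED[$f]['auth']) {
        $t = $query['token'] ?? '';
        // Constant-time comparison against the token issued to this session.
        if (!is_string($t) || !hash_equals($sessionToken, $t)) {
            return [false, 'missing or wrong token'];
        }
    }
    return [true, array_map('intval', $p)];
}
$token = bin2hex(random_bytes(16)); // stands in for a per-session token
$samples = [                        // constructed query strings
    'f=addition&p[0]=1&p[1]=2',            // well-formed call
    'f=internalHelper&p[0]=1',             // name not on the allowlist
    'f=addition&p[0][x]=1&p[1]=2',         // nested array in place of a value
    'f=deleteAccount&p[0]=7',              // restricted method, no token
    "f=deleteAccount&p[0]=7&token=$token", // restricted method, valid token
];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    [$ok, $detail] = check_request($query, $token);
    echo $qs, ' => ', $ok ? 'accepted' : "rejected ($detail)", PHP_EOL;
}
```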
