Login/Register
Secure Javascript GET Request
Asked Answered
Solved javascripthtmlsslconcrete5
U

1

7

Essentially, I have a custom HTML chart that needs a value from an external secure proxy server. Right now, I am inserting HTML blocks into the relevant areas on the page that include JavaScript to get the correct data through an XHTTP GET request.

It works wonderfully until we restrict access to our proxy server to be limited to our SSL from our C5 site (which is also what we want).

This prevents the chart from getting the correct value because the HTML and the JavaScript get executed on the client side and not through C5.

Essentially, what I need to do (I think) is to move the GET request inside of C5 so that it can pass through with the SSL certificate. I then need to take that value and plug it back into the chart.

Below is some pseudo-code based on the HTML code that I'm currently dropping into the page. 

<!-- This is the actual HTML block that I'm creating. -->
<div id="HTMLBlock455" class="HTMLBlock">
<div class="someCustomChart">

<!-- Here's the script currently running that gets the necessary data and calls the proper functions to populate the chart.  -->

<script type="text/javascript">

// Global Var to store updating value 
var amount = 0;

// Open a new HTTP Request)
var xhr = new XMLHttpRequest();
xhr.open("GET", "Some_ElasticSearch Server", true);
xhr.onreadystatechange = function() {
  if (xhr.readyState === 4) {
    if (xhr.status === 200) {
      var person = JSON.parse(xhr.responseText);
      amount = person._source.age; // Grabs the person age
      $('#chart_328').data('updateto', amount); //updates the above HTML data    value
            document.getElementById('chart_328_text').innerHTML = amount + '%';
    } else {
      console.error(xhr.statusText);
   }
  }
};
xhr.onerror = function (e) {
 console.error(xhr.statusText);
};
xhr.send(null);

// This function executes on page load and prepares the chart!
$(document).ready(function() {
   ....
}
Unimproved answered 23/11, 2015 at 15:16 Comment(4)
Can't you bounce the request on your server, essentially using it as a proxy?Proclivity
Welcome to SO @sethmrtn . I've edited your question in order to fullfil the requirements of SO (we don't say hello in questions, and we try to make them re-usable) for the future.Registered
What is a C5 site, and why can't you send a GET request to it? is it not implementing CORS? what is the roadblock?Pleo
@KevinB C5 is concrete5. There is a separate server system that stores the relevant information. That's ultimately what I want to do ~ send a request from concrete5 to the server, get the correct value, and bring it back to display inside of the HTML block. I'm not sure how to send that GET to concrete5 and then to the proxy server.Unimproved
D
1

You could do an Ajax request to another domain or protocol just enabling CORS in the backend you want to reach.

Another option but I don't know if this is available in C5 is to create a proxy pass request. C5 in this case will do as a proxy with your request. Then the flow is:

Ajax request to your C5 -> C5 proxies the request to the external resource -> C5 sends you back the result

I prefer the approach of CORS but take into account that the legacy browsers could not be 100% compatible. See the reference: http://caniuse.com/#feat=cors

Demasculinize answered 24/11, 2015 at 14:29 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.