mirror of
https://github.com/moparisthebest/xeps
synced 2024-11-24 18:22:24 -05:00
1.16 RC4 fixed one more potentially right scrolling example
git-svn-id: file:///home/ksmith/gitmigration/svn/xmpp/trunk@583 4b5297f7-1745-476d-ba37-a9c6900126ab
This commit is contained in:
parent
9f6c2f78b4
commit
69f85683dc
@ -890,6 +890,7 @@ Content-Length: 68
|
||||
<p>The cross domain security restrictions of some runtime environments permit clients to access pure XML text only if it was received from a specific server (e.g., the hostname a Web client was downloaded from). Astonishingly the same environments typically permit clients to receive and execute scripts from any server! <note>This security hole is unlikely to be closed by browser vendors since it facilitates online advertising.</note> The <link url="#security">Security Considerations</link> section below describes the significant risks of deploying Script Syntax.</p>
|
||||
<p>To enable domain-restricted clients to use BOSH with any connection manager, this section proposes an <em>optional</em> alternative to the standard "BOSH Pure Syntax" seen in the other sections of this document. The "BOSH Script Syntax" defined here essentially inserts each <body/> element sent by the client into an HTTP GET header instead of into the body of a POST request. Each <body/> element sent by the connection manager is wrapped inside an &ECMAScript; string and function call. No changes to the <body/> element or to any other aspects of the protocol are required.</p>
|
||||
<p>If, and only if, a client is <em>unable</em> to use the Pure Syntax, then it MAY send a session request to a BOSH connection manager using Script Syntax instead. If the connection manager supports Script Syntax then it MUST send its <link url="#session-create">Session Creation Response</link> using Script Syntax, and all subsequent client requests and connection manager responses within the session MUST be sent using Script Syntax. If the connection manager does not support the "BOSH Script" syntax then it SHOULD return either an 'item-not-found' terminal binding error (in Script Syntax) or an HTTP 404 (Not Found) error in response to the client's session request:</p>
|
||||
<p>Note: The line break in the body of the HTTP response in the following example is included only to improve readability. In practice there MUST be no line breaks.</p>
|
||||
<example caption="Script Syntax not supported binding error">
|
||||
<![CDATA[HTTP/1.1 200 OK
|
||||
Content-Type: text/javascript; charset=utf-8
|
||||
@ -898,7 +899,8 @@ Cache-Control: no-cache
|
||||
Pragma: no-cache
|
||||
Content-Length: 212
|
||||
|
||||
_BOSH_("<body type='terminate' condition='item-not-found' xmlns='http://jabber.org/protocol/httpbind'/>")]]></example>
|
||||
_BOSH_("<body type='terminate' condition='item-not-found'
|
||||
xmlns='http://jabber.org/protocol/httpbind'/>")]]></example>
|
||||
<example caption="Script Syntax not supported HTTP error">
|
||||
<![CDATA[HTTP/1.1 404 Not Found
|
||||
Content-Length: 0]]></example>
|
||||
@ -911,7 +913,7 @@ Content-Length: 0]]></example>
|
||||
<li><p>The resulting URI MUST be sent to the connection manager within an HTTP GET request.</p></li>
|
||||
<li><p>Include extra HTTP headers to prevent request/response caching or storage by any intermediary.</p></li>
|
||||
</ol>
|
||||
<p>Note: Line breaks in the HTTP requests shown in the following examples are not significant and are included only to improve readability.</p>
|
||||
<p>Note: All whitespace between "GET " and " HTTP/1.1" in the HTTP GET header lines in the following two examples is included only to improve readability. In practice there MUST be no whitespace.</p>
|
||||
<example caption="Requesting an HTTP session in Script Syntax"><![CDATA[
|
||||
GET /webclient?%3Cbody%20content='text/xml;%20charset=utf-8'%20
|
||||
hold='1'%20rid='1573741820'%20to='jabber.org'%20
|
||||
@ -958,7 +960,7 @@ Content-Length: 0]]></example>
|
||||
<li><p>If the client request does not possess a 'content' attribute, then the HTTP Content-Type header of responses MUST be either "text/javascript; charset=utf-8" or "application/x-javascript; charset=utf-8".</p></li>
|
||||
<li><p>Include extra HTTP headers to prevent caching or storage by any intermediary.</p></li>
|
||||
</ol>
|
||||
<p>Note: Line breaks in the _BOSH_ code shown in the following examples are not significant and are included only to improve readability.</p>
|
||||
<p>Note: All line breaks in the bodies of the HTTP responses in the following two examples is included only to improve readability. In practice there MUST be no line breaks.</p>
|
||||
<example caption="Session creation response in Script Syntax">
|
||||
<![CDATA[HTTP/1.1 200 OK
|
||||
Content-Type: text/javascript; charset=utf-8
|
||||
|
Loading…
Reference in New Issue
Block a user