CORS = XmlHttpRequest to other servers – without JSONP
As Webstep guru Thor Halvor explained in the this excellent blogpost – there are security restrictions to prevent/limit cross domain access of XMLHttpRequest’s – the cornerstone of AJAX.
Flash and silverlight has the same restrictions – and solves this by using crossdomain.xml and clientaccesspolicy.xml. These files are placed on the server you want to communicate with – and must contain * or the domain you want to contact the server from.
Anyways – there is a similar mechanism that XMLHttpRequest supports. This mechanism is called CORS – Cross-origin resource sharing. It is a newer(2004) and preferred alternative to JSONP – and works more or less like the xml files mentioned above. The only difference is that it isn’t implemented as a file – it’s part of the HTTP Header. This makes it a bit more difficult to set up than the others.
When a javascript on siteA wants to make a request to siteB – then the script first makes an initial OPTIONS request to site B – and looks at the HTTP Header it receives.
Access-Control-Allow-Origin: *
If the value is * – then it means that XmlHttpRequests can communicate with that site – from any other server – and a regular XMLHttpRequest can be made just like you were communication with your own server. You can of course type in domain names here to prevent everybody from using your API.
Here’s how to configure this on an Microsoft IIS Server – Web.Config – under the <configuration> node
<system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> </customHeaders> </httpProtocol> </system.webServer>
So to sum it up: use CORS whenever possible, instead of hacking your way around with JSONP. You’ll have prettier code, better error handling and it’s safer to use with regard to XSS Attacks as far as I have understood. Also – CORS supports all types of HTTP requests (Get/Post/Put,Delete), while JSONP only supports Get.
Read more about CORS here:
http://my.opera.com/core/blog/2011/10/28/cors-goes-mainline
A third (and the newest) alternative is UMP – I might blog more about this some other time.
Sharepoint 2010 – Rename Contextual Search Label
One of the elements you don’t have control over in a Sharepoint 2010 environment is the label for the contextual search option in the search drop down list (“This Site: “ and the name of the current site):
The dynamic nature of the contextual search definition means that wherever you are in your Sharepoint solution where the search drop down list is visible you will have a “This Site: “ option.
In some cases you might want to change this text. One annoying situation is if your solution has a series of sites that share a common prefix, and this prefix is just long enough to take up all the visible real estate of the drop down box. Your users will then see “This Site: Long Site Prefix” for all sites, instead of the last part of the name which is actually unique.
This can be solved by adding some javascript to your page (non-jQuery, so no references required). Add a Content Editor web part and edit the contents by clicking the HTML drop down and selecting “Edit HTML source”:
Insert the following javascript:
<script type="text/javascript"> function SearchScDDLInj() { var srhScDDL = document.getElementById("ctl00_PlaceHolderSearchArea_ctl01_SBScopesDDL"); if (srhScDDL != null) { srhScDDL.options[0].text = "My custom value"; } } SearchScDDLInj(); </script>
This script will search for the drop down list (identified by ‘ctl00_PlaceHolderSearchArea_ctl01_SBScopesDDL’) and replace the first value with “My custom label”.
Save the webpart and the search drop down list should now display your own value. If not, use something like the developer tools in IE and search for the correct id for the element (not name!). The easiest way is to search for whatever value currently displayed for contextual search (“This Site: Prototyping” in my case”) and then get the ID of the placeholder:
And there you go:
Sharepoint 2007 (Moss 2007) – hide fields on NewForm.aspx and EditForm.aspx
Every now and then you have lists that contain columns / fields that you need behind the scenes but that you don’t want the users to see. One option is to define custom forms in SP Designer, but if the automatic out-of-the-box forms are good enough just add a bit of Javascript to the page (thanks to Scott Wheeler over at Sharepoint Sherpa for this one):
1. Use Sharepoint Designer, open your site and expand the directory of your list
2. Find the form where you wish to hide one or more fields (I obviously really feel strongly about changing EditForm.aspx and NewForm.aspx) and open it in code view.
3. Locate the placeholder for the main content:
<asp:Content ContentPlaceHolderId=”PlaceHolderMain” runat=”server”>
and insert the following script immediately after:
<script language="javascript" type="text/javascript"> _spBodyOnLoadFunctionNames.push("hideFields"); function findacontrol(FieldName) { var arr = document.getElementsByTagName("!"); // get all comments for (var i=0;i < arr.length; i++ ) { // now match the field name if (arr[i].innerHTML.indexOf(FieldName) > 0) { return arr[i]; } } } function hideFields() { var control = findacontrol("SomeFieldName"); control.parentNode.parentNode.style.display="none"; control = findacontrol("SomeOtherFieldName"); control.parentNode.parentNode.style.display="none"; } </script>
Now you can swap “SomeFieldName” to the name of one of your fields and it will disappear. Add as many fields as you wish (each field requires both the findacontrol() invocation and setting the style).
Degree Consulting Group har konsulenter til leie innenfor utvikling i .NET, SharePoint, Windows Phone, Java og Flex.
Vi tilbyr også drift av IT-systemer for små og mellomstore bedrifter til gode priser.
For mer informasjon om oss, ta en kikk på vår hjemmeside www.degree.no
Degree Dev Blogg
Siste innlegg
- LINQ – how to build queries dynamically
- XenApp 6.5 – STA could not be contacted
- Windows Azure Storage Emulator – Blob service does not start
- ORM & Linq – Know your queries and indexes!
- ADFS 2.0 / Claims authentication / Sharepoint 2010
Lenker
Tags
Kommentarer
- bengu on The type or namespace name ‘log4net’ could not be found
- Shah on Sharepoint 2010 – how to show error details when debugging
- Andreas on TransactionScope – atomic transactions in C#
- Peter Parker on TransactionScope – atomic transactions in C#
- Stian on Custom mapping? No, I use Automapper!
