xsltforms-support

[Xsltforms-support] sending xsltforms submission to PayPal for processing - possible?

[Alexander Ž. <sa...@st...>]

Have any of you managed to accomplish this? I have a 3-product  
ordering xsltforms form. I would like to send the data the form  
collects for payment processing to PayPal using this submission:

<xforms:submission id="s01" method="post" ref="order/paypal"  
replace="all" action="http://www.sandbox.paypal.com/cgi-bin/webscr"/>

Using FireFox and Safari on Mac I am getting an error when submitting:

1 -> "Submit post - undefined - http://www.sandbox.paypal.com/cgi-bin/webscr 
  - true

The full error trace is shown in an attached image (not sure if it  
makes it through to the list - if not and somebody will react to this,  
I will retype the error):

Re: [Xsltforms-support] sending xsltforms submission to PayPal for processing - possible?

[COUTHURES A. <ala...@ag...>]

Hi Alexander,
> Have any of you managed to accomplish this? I have a 3-product 
> ordering xsltforms form. I would like to send the data the form 
> collects for payment processing to PayPal using this submission:
>
> <xforms:submission id="s01" method="post" ref="order/paypal" 
> replace="all" action="http://www.sandbox.paypal.com/cgi-bin/webscr"/>
This is clearly a problem concerning the cross-domain restriction.

Would there be possible to use a GET method instead with xforms:load?

Another approach, do you think you could use URL rewriting?

This is an interesting feature!

Thank you for your feedbacks!

-Alain

Re: [Xsltforms-support] sending xsltforms submission to PayPal for processing - possible?

[Alexander Ž. <sa...@st...>]

Hi Alain,

I guess I do not understand where the "...cross-domain restriction..."  
comes from. As a consequence I do not understand how to use "...GET  
method instead with xforms:load..."

URL rewriting - again - due to not understanding why/where is the form  
failing now, I can't comment.

Sorry :-(

A.

On Apr 16, 2010, at 10:06 PM, COUTHURES Alain wrote:

> Hi Alexander,
>> Have any of you managed to accomplish this? I have a 3-product  
>> ordering xsltforms form. I would like to send the data the form  
>> collects for payment processing to PayPal using this submission:
>>
>> <xforms:submission id="s01" method="post" ref="order/paypal"  
>> replace="all" action="http://www.sandbox.paypal.com/cgi-bin/webscr"/>
> This is clearly a problem concerning the cross-domain restriction.
>
> Would there be possible to use a GET method instead with xforms:load?
>
> Another approach, do you think you could use URL rewriting?
>
> This is an interesting feature!
>
> Thank you for your feedbacks!
>
> -Alain

Re: [Xsltforms-support] sending xsltforms submission to PayPal for processing - possible?

[COUTHURES A. <ala...@ag...>]

Hi Alexander,
> I guess I do not understand where the "...cross-domain restriction..."  
> comes from. As a consequence I do not understand how to use "...GET  
> method instead with xforms:load..."
>   
For security reasons, pure Javascript instructions cannot be used to 
exchange data with a server not been in the same domain and same port. 
This is the "cross-domain restriction" implemented in XmlHttpRequest. 
There are workarounds based on HTML tricks, one of them being using 
SCRIPT element with @src passing parameters in the query string while 
Javascript instructions returned by this other server call a callback 
function...

xforms:load is not implemented with XmlHttpRequest in XSLTForms but with 
location.href so the cross-domain restriction is not to be considered in 
this case.
> URL rewriting - again - due to not understanding why/where is the form  
> failing now, I can't comment.
>   
URL rewriting allows to trick the client browser in a sense that it 
believes that the request URL will be treated by the targeted server 
but, using URL rewriting, this one just sends the request to another one 
in a different domain. There is no security restriction there because 
it's performed at server-side.

Hope it helps!

-Alain

Re: [Xsltforms-support] sending xsltforms submission to PayPal for processing - possible?

[Alexander Ž. <sa...@st...>]

ok, I found an article (Fixing AJAX: XMLHttpRequest Considered  
Harmful) explaining this in more detail.

thanks

A.


On Apr 18, 2010, at 10:55 PM, COUTHURES Alain wrote:

> Hi Alexander,
>> I guess I do not understand where the "...cross-domain  
>> restriction..."  comes from. As a consequence I do not understand  
>> how to use "...GET  method instead with xforms:load..."
>>
> For security reasons, pure Javascript instructions cannot be used to  
> exchange data with a server not been in the same domain and same  
> port. This is the "cross-domain restriction" implemented in  
> XmlHttpRequest. There are workarounds based on HTML tricks, one of  
> them being using SCRIPT element with @src passing parameters in the  
> query string while Javascript instructions returned by this other  
> server call a callback function...
>
> xforms:load is not implemented with XmlHttpRequest in XSLTForms but  
> with location.href so the cross-domain restriction is not to be  
> considered in this case.
>> URL rewriting - again - due to not understanding why/where is the  
>> form  failing now, I can't comment.
>>
> URL rewriting allows to trick the client browser in a sense that it  
> believes that the request URL will be treated by the targeted server  
> but, using URL rewriting, this one just sends the request to another  
> one in a different domain. There is no security restriction there  
> because it's performed at server-side.
>
> Hope it helps!
>
> -Alain
>
>
>