Javascript Proxy

Chris Steipp

Hi. At the Convio Summit last fall, in the API seminar they mentioned that Convio was working on a javascript proxy, so that we can use some 3rd party javascript api's on our convio websites. Has that made it out of beta yet? Is there any way to access the beta version now?

Matthew Andrade

I am also interested in this... please any info would help.

David Hart

Matthew Andrade:

I am also interested in this... please any info would help.

The internal web development team has been using it for a while now.

Using the AjaxProxy is pretty simple but does require Convio Support to enable it for you. There is an SDP that Convio Support will need to create for you (it does not exist in the baseline data load), and only Convio admins can add SDPs.

AJAX_PROXY_DOMAINS_ALLOWED

This should contain a comma-separated list of any domain (e.g. www.convio.com) that you will call using the proxy mechanism. Only domains explicitly listed can be called.

You then submit a form to the AjaxProxy servlet with an argument named “cnv_url” that points to the URL you want to repost to. All the other inputs to the form will be forwarded to the target URL. The form needs to be rendered from within Convio eCRM and needs to include an S86 tag to pass in an auth token. This is to ensure that only valid Convio pages use the proxy and we don’t act as an anonymous proxy for potentially malicious users.

<form method=”POST” action=”AjaxProxy”>

<input type=”hidden” name=”cnv_url” value=”http://www.someother.org/something.html”>

]

<!—The rest of the form that you want to POST -->

</form>

All input parameters will be forwarded except for "cnv_url" and "auth". All HTTP headers will be forwarded except for cookies. The response from the target service will be echoed back to the browser with the same content/type header that was returned from the service. You should be able to call the AjaxProxy using your favorite JavaScript framework. If you want to render the S86 tag as just a value (as opposed to a hidden input), use the syntax ]. Typical javascript might look like this:

var url = 'AjaxProxy?auth=]&cnv_url=http://www.someother.org/something.html';

Remember that you will need to URL encode the value of the cnv_url argument.

There is one known bug in the proxy in that it is forwarding the original "host" header rather than creating a new header with the correct target. I have only seen this create a problem with one service (http://ur.ly).

Chris Steipp

DavidHart :

The internal web development team has been using it for a while now.

Using the AjaxProxy is pretty simple but does require Convio Support to enable it for you. There is an SDP that Convio Support will need to create for you (it does not exist in the baseline data load), and only Convio admins can add SDPs.

AJAX_PROXY_DOMAINS_ALLOWED

This should contain a comma-separated list of any domain (e.g. www.convio.com) that you will call using the proxy mechanism. Only domains explicitly listed can be called.

You then submit a form to the AjaxProxy servlet with an argument named “cnv_url” that points to the URL you want to repost to. All the other inputs to the form will be forwarded to the target URL. The form needs to be rendered from within Convio eCRM and needs to include an S86 tag to pass in an auth token. This is to ensure that only valid Convio pages use the proxy and we don’t act as an anonymous proxy for potentially malicious users.

<form method=”POST” action=”AjaxProxy”>

<input type=”hidden” name=”cnv_url” value=”http://www.someother.org/something.html”>

]

<!—The rest of the form that you want to POST -->

</form>

All input parameters will be forwarded except for "cnv_url" and "auth". All HTTP headers will be forwarded except for cookies. The response from the target service will be echoed back to the browser with the same content/type header that was returned from the service. You should be able to call the AjaxProxy using your favorite JavaScript framework. If you want to render the S86 tag as just a value (as opposed to a hidden input), use the syntax ]. Typical javascript might look like this:

var url = 'AjaxProxy?auth=]&cnv_url=http://www.someother.org/something.html';

Remember that you will need to URL encode the value of the cnv_url argument.

There is one known bug in the proxy in that it is forwarding the original "host" header rather than creating a new header with the correct target. I have only seen this create a problem with one service (http://ur.ly).

Thanks so much for the information! Do you have any ideas about what that one bug with sending the correct host header is going to be fixed? Our web developers are having problems with it, and wondering if there are plans to fix it in the near future.

JeremyGP

I am doing something, I guess, like this this using IFRAMES. It's the same effect, correct? This just allows us to not resort to an IFRAME and call directly from the page through the proxy instead, right?

Michael

JeremyGP :

I am doing something, I guess, like this this using IFRAMES. It's the same effect, correct? This just allows us to not resort to an IFRAME and call directly from the page through the proxy instead, right?

yikes, holy hats.... I was just thinking YESTERDAY that I wish Convio had some sort of thing on the server site that could do this because they way I usually handle remote callbacks (using a dynamically created 0x0 iframe) is a total hack. For example, on a certian donation form thank you page, I use an iframe to post a bit of data back to the site the page is linked from so that site can have real-time information on donations (it maintains it's own user database). But, using an iframe is a hack because iframes are depricated... if I used the correct element, <object> I there is no way to know the remote result. Even though you can't actually read the data in the page sandbox, Firebug is able to display the content of the iframe -- not so with an <object>

Is there further documentation available on this?

Michael

Michael :

yikes, holy hats.... I was just thinking YESTERDAY that I wish Convio had some sort of thing on the server site that could do this because they way I usually handle remote callbacks (using a dynamically created 0x0 iframe) is a total hack. For example, on a certian donation form thank you page, I use an iframe to post a bit of data back to the site the page is linked from so that site can have real-time information on donations (it maintains it's own user database). But, using an iframe is a hack because iframes are depricated... if I used the correct element, <object> I there is no way to know the remote result. Even though you can't actually read the data in the page sandbox, Firebug is able to display the content of the iframe -- not so with an <object>

Is there further documentation available on this?

So, in our instance, the SDP "AJAX_PROXY_DOMAINS_ALLOWED" but the servet generates a 404 when called from /site. It redirects to the page_not_found page when called at the root. Under the AJAX proxy settings in our API config manager, there's a green checkbox indicating it's allowed: "You are configured to allow Javascript or Flash from these domains" (there are a few domains listed)

Not sure what's up -- the full URL I'm calling is: https://my.care.org/site/AjaxProxy (from an SSL page on the same domain, my.care.org)

The response http error is 404.

Any ideas?

Noah Cooper

Michael :

So, in our instance, the SDP "AJAX_PROXY_DOMAINS_ALLOWED" but the servet generates a 404 when called from /site. It redirects to the page_not_found page when called at the root. Under the AJAX proxy settings in our API config manager, there's a green checkbox indicating it's allowed: "You are configured to allow Javascript or Flash from these domains" (there are a few domains listed)

Not sure what's up -- the full URL I'm calling is: https://my.care.org/site/AjaxProxy (from an SSL page on the same domain, my.care.org)

The response http error is 404.

Any ideas?

Michael,

Do you have an example URL where you're making a request to AjaxProxy that we could look at? I don't get a 404 when I navigate directly to https://my.care.org/site/AjaxProxy in a browser.

Michael

Noah Cooper:

Michael,

Do you have an example URL where you're making a request to AjaxProxy that we could look at? I don't get a 404 when I navigate directly to https://my.care.org/site/AjaxProxy in a browser.

Noah, I know this is an old post, but.... https://my.care.org/site/AjaxProxy gives me a 403 Forbidden error now. I've been trying to use it to do a postback sort of thing for a donation page (basically, it posts the amount and confirmation code to an external site), but it looks like the result is a page that says "Object Moved to Here" with "Here" being a link to the passed in Proxy url....

The parameters I'm passing (straight from FireBug):

authu4z-8JK6yk-QKjsAevJSH93i7rchDPlu1N8DRZEzy29ohyt7OZU_hv4orMecI0MhiZWqsiXYLt8.cnv_url<a href="https://www.joinmyvillage.com/donate.aspx/Callback?jmvuid=0&amount=$27.12&dateDonated=12/6/10&confirmationCode&quot; target="_blank">https://www.joinmyvillage.com/donate.aspx/Callback?jmvuid=0&amount=$27.12&dateDonated=12/6/10&confirmationCode</a>=3124-1981-1-1129272-1130422

(note, though, the whole URL in the cnv_url string are actually URL encoded so the parameters don't get lost in, or screw up the initial request... The Auth is grabbed using the appropriate STag whatever it is (can't remember off the top of my head), the rest is pumped in via various S120 tags and/or a session/cookie value for the jmvuid.

Noah Cooper

Michael :

Noah, I know this is an old post, but.... https://my.care.org/site/AjaxProxy gives me a 403 Forbidden error now. I've been trying to use it to do a postback sort of thing for a donation page (basically, it posts the amount and confirmation code to an external site), but it looks like the result is a page that says "Object Moved to Here" with "Here" being a link to the passed in Proxy url....

The parameters I'm passing (straight from FireBug):

authu4z-8JK6yk-QKjsAevJSH93i7rchDPlu1N8DRZEzy29ohyt7OZU_hv4orMecI0MhiZWqsiXYLt8.cnv_url<a href="https://www.joinmyvillage.com/donate.aspx/Callback?jmvuid=0&amount=$27.12&dateDonated=12/6/10&confirmationCode&quot; target="_blank">https://www.joinmyvillage.com/donate.aspx/Callback?jmvuid=0&amount=$27.12&dateDonated=12/6/10&confirmationCode</a>=3124-1981-1-1129272-1130422

(note, though, the whole URL in the cnv_url string are actually URL encoded so the parameters don't get lost in, or screw up the initial request... The Auth is grabbed using the appropriate STag whatever it is (can't remember off the top of my head), the rest is pumped in via various S120 tags and/or a session/cookie value for the jmvuid.

Do you have a link to the donation form where you're calling this so I can take a look?

FYI - You'll get a 403 if you navigate directly to AjaxProxy without the appropriate arguments.

Michael

Noah Cooper:

Do you have a link to the donation form where you're calling this so I can take a look?

FYI - You'll get a 403 if you navigate directly to AjaxProxy without the appropriate arguments.

yes, but you have to make and actual donation to see it..........

Go here:

https://my.care.org/site/Donation2?df_id=8460&8460.donation=form1&jmvuid=0

OR go to www.joinmyvillage.com, create and account and then click the Donation option. the jmvuid will be different but the experience is the same. If you do, let me know the conf id you get so they can check their database. OR if you create your own account, you can see it update.

Right now, I've reverted it to use the iframe method to do the callback, but if you use the pw_id=2121.22 you'll get the AjaxProxy version:

https://my.care.org/site/Donation2?df_id=8460&8460.donation=form1&pw_id=2121.22&jmvuid=0

Thanks!

-mike