- From: Jim Ley <jim.ley@gmail.com>
- Date: Thu, 10 Mar 2005 17:10:31 +0000
On Thu, 10 Mar 2005 10:18:16 -0600, Doron Rosenberg <doronr at gmail.com> wrote: > Well, the code in Mozilla is well tested and already used in the wild. Could you point me at the tests? <URL: http://lxr.mozilla.org/seamonkey/source/extensions/webservices/docs/Soap_Scripts_in_Mozilla.html > says they're at: <URL: http://lxr.mozilla.org/seamonkey/source/extensions/xmlextras/tests/ > called soap* - but there's none of that name there? I can't get it to work anyway, var soapCall = new SOAPCall(); soapCall.transportURI = "http://jibbering.com/"; soapCall.encode(0, "chicken", "urn:Jibberjim", 0, null, 0,[]); soapCall.verifySourceHeader = true; soapCall.asyncInvoke( function (response, soapcall, error) { alert(response.message+'\n\n'+error) } ); makes no request for the webserver xml doc, but does post to the server... Obviously I'm doing something wrong, the example and test files will turn it up I'm sure. > The benefit of the extra request is that we don't fetch any data > unless we are allowed to. In your model, we would fetch the XML, and > then check if there is a header that allows us to pass it to the user. If that's the only complaint, then an extra HEAD request on the same resource would be even more efficient (no data transferred), and no less secure. A get on an unrelated document should not be necessary. > And I think easy delpoyment is important. Cross domain is only really > important for intranets. If this is the case, why not go down the IE cross domain intranet deployment model, which is very well understood and very well used by millions of people rather than a new method, that's only relevant to SOAP (in this case) ? Or indeed even the current mozilla security model which is also used? Jim.
Received on Thursday, 10 March 2005 09:10:31 UTC