Handling crossdomain requests¶
Two ways to configure your system :
- Use a ProxyHost
A well-known proxy host script is provided by the OpenLayers community project : http://trac.osgeo.org/openlayers/wiki/FrequentlyAskedQuestions#ProxyHost
This solution is not recommanded due to security holes that this script introduces into EasySDI solution.
To handle same origin policy and assure remote web services security access, we do recommand to use the EasySDI Proxy combined with a web server proxy/gateway extension, like apache proxy_module.
- EasySDI Proxy & Apache proxy_module
See Apache documentation : http://httpd.apache.org/docs/2.2/en/mod/mod_proxy.html
Let's explained by the example :
You are hosting your Joomla site at the following address : www.my-easysdi.com.
And having your EasySDI Proxy servlet at this one : www.proxy-easysdi:8080/proxy.
In order to access your proxied services into the map viewer, the two have to be in the same domain, so define www.my-easysdi.com/proxy as EasySDI Proxy URL would be the solution.
To do that :
1/ Enable proxy_module : open the Apache configuration file [Apache root]/conf/httpd.conf, remove '#' character in front of, or add the all following lineLoadModule proxy_module modules/mod_proxy.so
2/ Define your reverse proxy at the end of the configuration file :> ProxyPass /proxy www.proxy-easysdi:8080/proxy > ProxyPassReverse /proxy www.proxy-easysdi:8080/proxy >
With this configuration, the map viewer makes requests for content in the name-spaced of the reverse proxy. The reverse proxy then sends those requests to the actual Proxy location and returns the content as if it was itself the origin.
Proxy Service configuration
The Map viewer sends GetCapabilities requests on the remote services added to the map to retreive for each available operation the URL to query.
With the use of the Apache module_proxy, those URL won't be overwritten with the reverse proxy URL (eg : www.my-easysdi.com/proxy) (this is not the purpose of this module) and will expose URL of the original location (eg : www.proxy-easysdi:8080/proxy). The following map requests for those operations will failed due to crossdomain restriction.<GetFeatureInfo> <Format>application/vnd.ogc.gml</Format> <DCPType> <HTTP> <Get> <OnlineResource xlink:href="http://www.proxy-easysdi:8080/proxy/ogc/myvirtualwms?"/> </Get> <Post> <OnlineResource xlink:href="http://www.proxy-easysdi:8080/proxy/ogc/myvirtualwms?"/> </Post> </HTTP> </DCPType> </GetFeatureInfo>
To get around this problem, the EasySDI Proxy proposes a Host translator option for each proxied service (called Virtual Service, see EasySDI component Service documentation).
Use your reverse proxy URL as the host translator, will allow the EasySDI Proxy to overwrite all the URL contained in the capabilities document and then all the requests from the Map viewer to be correctly redirected.
To follow the previous example :
- You set a vitual service named 'myvirtualwms' in your EasySDI Proxy configuration.
- The original address of this service is www.proxy-easysdi:8080/proxy/ogc/myvirtualwms
- With the configured Apache reverse proxy, this service can be reached at www.my-easysdi.com/proxy/ogc/myvirtualwms
- Set "www.my-easysdi.com/proxy/ogc/myvirtualwms" as the Host Translator value, then the capabilities document will be overwritten and expose redirected URL, eg :<GetFeatureInfo> <Format>application/vnd.ogc.gml</Format> <DCPType> <HTTP> <Get> <OnlineResource xlink:href="http://www.my-easysdi.com/proxy/ogc/myvirtualwms?"/> </Get> <Post> <OnlineResource xlink:href="http://www.my-easysdi.com/proxy/ogc/myvirtualwms?"/> </Post> </HTTP> </DCPType> </GetFeatureInfo>