2

first time asker, but many times you helped me back in the day. Great job! I ask this because I'm struggling here with and issue I'm unable to solve, and as my PHP (and cURL) knowledge is so scarce, I'm lost.

The Background

I'm developing a Javascript app, that needs to connect to several different servers and make XMLRPC calls to them. The app is working perfectly running it locally (disabling cross-domain security), but to make it run online I knew I had to use a cross-domain proxy, so after several days of searching and investigating, I didn't found one that could make the work, so I managed to make one myself (not without blood and sweat). Know what? It (almost) works!!!

This is my proxy.php:

<?
function readHeader($ch, $header) {
    //extracting data to send it to the client
    $headers = explode("\n", $header);

    foreach ($headers as $item) {

        // $string= str_replace($delimiter, $mainDelim, $string);
        if (strpos($item, 'Set-Cookie:') !== false) {
            $cookie = trim(substr($item,strlen('Set-Cookie:')));
            header('X-Set-Cookie:' . $cookie);
        } else {
            header($item);
        }
    }
    return strlen($header);
}

$allowed_domains = array('domain1.com', 'domain2.com');

header('Content-Type: text/html; charset=iso-8859-1');

$REFERRER = $_SERVER['HTTP_REFERER'];

if ($REFERRER == '') {
    // What do you do here?
    exit(header('Location: index.html'));
}

$domain = substr($REFERRER, strpos($REFERRER, '://') + 3);
$domain = substr($domain, 0, strpos($domain, '/'));

if (!in_array($domain, $allowed_domains)) {
    exit(header('Location: index.html'));
}

$XMLRPC_SERVICE = $_SERVER['HTTP_X_PROXY_URL'];

$xml = $HTTP_RAW_POST_DATA;

$header[] = "Content-type: text/xml; charset=utf-8";
$header[] = "Connection: close";
$header[] = "Accept: text/xml";

if ($_SERVER['HTTP_X_SET_COOKIE'])
    $cookie = $_SERVER['HTTP_X_SET_COOKIE'];

if ($_SERVER['HTTP_X_PROXY_URL'] === "other-domain.com")
    $header[] = "x-custom-header: value";

$ch = curl_init($XMLRPC_SERVICE);

//URL to post to
curl_setopt($ch, CURLOPT_URL, $XMLRPC_SERVICE);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
if ($cookie)
    curl_setopt($ch, CURLOPT_COOKIE, $cookie);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
curl_setopt($ch, CURLOPT_HEADERFUNCTION, 'readHeader');

$response = curl_exec($ch);

if (curl_errno($ch)) {
    echo curl_error($ch);
} else {
    curl_close($ch);
echo $response;
}
?>

The Issue

As I've said, I got it working partially. In fact, it works for most of the usual XMLRPC needs.

It gets the remote server address from the HTTP_X_PROXY_URL header of the request, and using cURL makes the call and returns the values to the javascript client without issues.

The problem comes when I need to get/send a session cookie (probably when getting it, because the cookie value is pretty different when I make calls directly from the app locally). In any case, I can't get the cookie stuff to work. As you see, I'm surrounding the Set-Cookie browser protection on AJAX calls with my own X-Set-Cookie header, that the proxy gets to use or translates accordingly, but the issue with cookies is here, and I can't use cookies, that are critical for app functionality.

DaveRandom
  • 87,921
  • 11
  • 154
  • 174
deCorvett
  • 61
  • 1
  • 3
  • 1
    Have you considered sending an [`Access-Control-Allow-Origin:`](https://developer.mozilla.org/En/HTTP_access_control) header to permit cross-site AJAX from the client side? It might be easier than try to build a proxy that will successfully navigate all the edge cases for this... – DaveRandom Feb 08 '12 at 11:39
  • I don't have control at all over the remote servers, so I can't implement that. That's why I'm using a proxy. – deCorvett Feb 08 '12 at 11:50

0 Answers0